CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attackers can write arbitrary files to any path, potentially leading to arbitrary code execution.
Analysis
CVE-2025-7619 is an Arbitrary File Write vulnerability in BatchSignCS, a background Windows application by WellChoose, that allows remote attackers with low privileges to write arbitrary files to any filesystem path via malicious website visits, potentially enabling arbitrary code execution. The vulnerability has a CVSS score of 8.8 (High) and requires user interaction (visiting a malicious site) but no elevated privileges; real-world exploitability depends on KEV listing status and public POC availability, which are not confirmed in the provided data.
Technical Context
BatchSignCS is a Windows background service developed by WellChoose that appears to process or sign batch operations. The vulnerability stems from CWE-23 (Relative Path Traversal), indicating improper sanitization of file path inputs that could allow an attacker to traverse directory structures and write files outside intended directories. The attack vector is Network (AV:N), suggesting the application processes untrusted input from web sources without proper validation. The root cause is likely insufficient input validation when handling file write operations triggered by web-based interactions, allowing path traversal sequences (e.g., ../ or absolute paths) to reach arbitrary filesystem locations.
Affected Products
Product: BatchSignCS; Vendor: WellChoose; Type: Windows background application/service. Specific affected versions are not provided in the source data. The application appears to be deployed as a persistent Windows service that processes background tasks. Affected configurations likely include any Windows system with BatchSignCS installed and running. A CPE string would be structured as: cpe:2.3:a:wellchoose:batchsigncs:*:*:*:*:*:windows:*:* (with version wildcards pending specific version disclosure in vendor advisories).
Remediation
1. IMMEDIATE: Disable or uninstall BatchSignCS if not critical to operations until a patch is released.
2. NETWORK MITIGATION: Restrict network access to BatchSignCS processes using Windows Firewall rules to limit inbound connections from untrusted sources.
3. MONITOR: Watch for suspicious file write operations to unusual paths on systems running BatchSignCS.
4. PATCH: Contact WellChoose for security updates and patch availability; monitor vendor security advisories at [vendor website/security bulletin location not provided in source data].
5. WORKAROUND: If available, disable web-triggered file operations in BatchSignCS configuration pending patching.
6. PRINCIPLE OF LEAST PRIVILEGE: Ensure BatchSignCS runs with minimal necessary Windows permissions to limit the scope of arbitrary file writes.
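The MONITOR step as detection logic, in an added example that is not part of the advisory or of the vendor's code: it triages Sysmon FileCreate (Event ID 11) records for writes by the application that land outside its expected folder, in a Startup folder, or with an executable extension. The image name `BatchSignCS.exe`, the install path, the allowed directory and the sample events are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules on any OS, so exported logs can be triaged offline

# Assumptions, not from the advisory: image name and expected output folder.
WATCHED_IMAGE = "batchsigncs.exe"
ALLOWED_DIRS = [r"C:\ProgramData\BatchSignCS"]
# Write targets that turn a dropped file into code execution.
AUTORUN_MARKER = "\\start menu\\programs\\startup\\"
EXEC_EXTS = {".exe", ".dll", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".hta", ".lnk"}

def _norm(path):
    """Collapse '..', unify separators and lower-case the path before comparing."""
    return ntpath.normcase(ntpath.normpath(path))

def _inside(path, base):
    base = _norm(base)
    return path == base or path.startswith(base + "\\")

def classify(event, allowed_dirs=ALLOWED_DIRS):
    """Reasons a Sysmon FileCreate (Event ID 11) record deserves a look."""
    if event.get("EventID") != 11:
        return []
    if ntpath.basename(event["Image"]).lower() != WATCHED_IMAGE:
        return []
    target = _norm(event["TargetFilename"])
    reasons = []
    if not any(_inside(target, d) for d in allowed_dirs):
        reasons.append("outside-allowed-dir")
    if AUTORUN_MARKER in target:
        reasons.append("autorun-location")
    if ntpath.splitext(target)[1] in EXEC_EXTS:
        reasons.append("executable-extension")
    return reasons

def triage(events):
    """Return (TargetFilename, reasons) for every flagged event."""
    hits = [(e["TargetFilename"], classify(e)) for e in events]
    return [(t, r) for t, r in hits if r]

APP = r"C:\Program Files\BatchSignCS\BatchSignCS.exe"  # constructed install path
STARTUP = r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
SAMPLE_EVENTS = [  # constructed records; field names follow Sysmon Event ID 11
    {"EventID": 11, "Image": APP, "TargetFilename": r"C:\ProgramData\BatchSignCS\out\a.p7s"},
    {"EventID": 11, "Image": APP, "TargetFilename": STARTUP + r"\run.bat"},
    {"EventID": 11, "Image": APP, "TargetFilename": r"C:\PROGRAMDATA\BatchSignCS\x.dll"},
    {"EventID": 11, "Image": APP, "TargetFilename": r"C:\ProgramData\BatchSignCS_old\note.txt"},
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe", "TargetFilename": STARTUP + r"\k.lnk"},
]

if __name__ == "__main__":
    for target, reasons in triage(SAMPLE_EVENTS):
        print(f"{target}: {', '.join(reasons)}")
```

Replace `ALLOWED_DIRS` with the folders the application legitimately writes to on your hosts; the sibling-folder sample shows why the check compares whole path components rather than a bare string prefix.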
EUVD-2025-21300