Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can alter contents of that folder. It may allow a non-administrative user to execute an arbitrary code with SYSTEM privilege.
AnalysisAI
RATOC RAID Monitoring Manager for Windows contains an insecure directory permissions vulnerability when the installation folder is customized to a non-default location. The installer fails to properly set access control lists (ACLs) on custom installation directories, allowing non-administrative users to modify folder contents and execute arbitrary code with SYSTEM privileges. With a CVSS 4.0 score of 8.5, this represents a high-severity local privilege escalation vulnerability affecting Windows systems where this RAID management software is installed.
Technical ContextAI
This vulnerability stems from CWE-276 (Incorrect Default Permissions), where the software installer fails to properly configure directory ACLs during custom installations. The affected product is RATOC RAID Monitoring Manager for Windows (CPE: cpe:2.3:a:ratoc_systems,_inc.:ratoc_raid_monitoring_manager_for_windows), a RAID array monitoring and management solution from RATOC Systems. When users choose a non-default installation path during setup, the installer does not apply restrictive file system permissions, leaving the directory writable by low-privileged users. This allows malicious actors to replace legitimate binaries or DLLs with malicious versions that will execute with SYSTEM privileges when the service or application runs, a classic DLL hijacking or binary replacement attack pattern in Windows environments.
RemediationAI
Apply the security update provided by RATOC Systems as detailed in their advisory at https://www.ratocsystems.com/topics/userinfo/raidmanager202508/. Organizations should verify the file system permissions on their RATOC RAID Monitoring Manager installation directories, particularly if custom paths were selected during installation. Administrators can manually correct ACLs by restricting write access to the installation directory to only SYSTEM and Administrators groups, removing write permissions for standard users and authenticated users groups using Windows icacls or File Explorer security settings. For systems that cannot be immediately patched, limit local user access to affected machines and implement application whitelisting or execution controls to prevent unauthorized binary execution. Monitor the installation directory for unexpected file modifications and consider reinstalling to the default directory path where proper ACLs are automatically applied.
Same weakness CWE-276 – Incorrect Default Permissions
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16126