Refine your search
2 vulnerabilities found for _connect.BRAIN by Bizerba
CVE-2025-12507 (GCVE-0-2025-12507)
Vulnerability from nvd
Published
2025-10-31 15:48
Modified
2025-10-31 18:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-428 - Unquoted Search Path or Element
Summary
The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bizerba | _connect.BRAIN |
Version: 0.0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T18:17:08.521501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T18:17:20.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows"
],
"product": "_connect.BRAIN",
"vendor": "Bizerba",
"versions": [
{
"lessThan": "5.02",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bizerba:_connect.brain:*:*:windows:*:*:*:*:*",
"versionEndExcluding": "5.02",
"versionStartIncluding": "0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed.\u003cbr\u003e"
}
],
"value": "The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T15:48:36.371Z",
"orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"shortName": "bizerba"
},
"references": [
{
"url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0005.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to version \u2265 5.02\u003cbr\u003e"
}
],
"value": "Update to version \u2265 5.02"
}
],
"source": {
"advisory": "BIZERBA-SA-2025-0005",
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-01-15T23:00:00.000Z",
"value": "Release of new Version _connect.BRAIN 5.02"
},
{
"lang": "en",
"time": "2025-10-30T23:00:00.000Z",
"value": "Publish Security Advisory"
}
],
"title": "Insecure service configuration \u2013 unquoted path",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Enclose the service path in the registry in quotes: HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BCS\\ImagePath\u003cbr\u003e"
}
],
"value": "Enclose the service path in the registry in quotes: HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BCS\\ImagePath"
}
],
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"assignerShortName": "bizerba",
"cveId": "CVE-2025-12507",
"datePublished": "2025-10-31T15:48:36.371Z",
"dateReserved": "2025-10-30T14:08:49.409Z",
"dateUpdated": "2025-10-31T18:17:20.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12507 (GCVE-0-2025-12507)
Vulnerability from cvelistv5
Published
2025-10-31 15:48
Modified
2025-10-31 18:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-428 - Unquoted Search Path or Element
Summary
The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bizerba | _connect.BRAIN |
Version: 0.0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T18:17:08.521501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T18:17:20.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows"
],
"product": "_connect.BRAIN",
"vendor": "Bizerba",
"versions": [
{
"lessThan": "5.02",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bizerba:_connect.brain:*:*:windows:*:*:*:*:*",
"versionEndExcluding": "5.02",
"versionStartIncluding": "0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed.\u003cbr\u003e"
}
],
"value": "The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T15:48:36.371Z",
"orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"shortName": "bizerba"
},
"references": [
{
"url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0005.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to version \u2265 5.02\u003cbr\u003e"
}
],
"value": "Update to version \u2265 5.02"
}
],
"source": {
"advisory": "BIZERBA-SA-2025-0005",
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-01-15T23:00:00.000Z",
"value": "Release of new Version _connect.BRAIN 5.02"
},
{
"lang": "en",
"time": "2025-10-30T23:00:00.000Z",
"value": "Publish Security Advisory"
}
],
"title": "Insecure service configuration \u2013 unquoted path",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Enclose the service path in the registry in quotes: HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BCS\\ImagePath\u003cbr\u003e"
}
],
"value": "Enclose the service path in the registry in quotes: HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BCS\\ImagePath"
}
],
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"assignerShortName": "bizerba",
"cveId": "CVE-2025-12507",
"datePublished": "2025-10-31T15:48:36.371Z",
"dateReserved": "2025-10-30T14:08:49.409Z",
"dateUpdated": "2025-10-31T18:17:20.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}