Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities by RATOC Systems, Inc.
JVNDB-2026-000044
Vulnerability from jvndb - Published: 2026-03-26 17:41 - Updated:2026-03-26 17:41
Severity
Summary
Multiple vulnerabilities in the installer of RATOC RAID Monitoring Manager for Windows
Details
The installer of RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. contains multiple vulnerabilities listed below.
- Uncontrolled search path element (CWE-427) - CVE-2026-28760
- Incorrect default permissions (CWE-276) - CVE-2026-32680
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000044.html",
"dc:date": "2026-03-26T17:41+09:00",
"dcterms:issued": "2026-03-26T17:41+09:00",
"dcterms:modified": "2026-03-26T17:41+09:00",
"description": "The installer of RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. contains multiple vulnerabilities listed below.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/427.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/276.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eUncontrolled search path element (CWE-427) - CVE-2026-28760\u003c/li\u003e\u003cli\u003eIncorrect default permissions (CWE-276) - CVE-2026-32680\u003c/li\u003e\u003c/ul\u003eKazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000044.html",
"sec:cpe": {
"#text": "cpe:/a:misc:ratoc_raidutility",
"@product": "RATOC RAID Monitoring Manager",
"@vendor": "RATOC Systems, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-000044",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN08057419/index.html",
"@id": "JVN#08057419",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-28760",
"@id": "CVE-2026-28760",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-32680",
"@id": "CVE-2026-32680",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in the installer of RATOC RAID Monitoring Manager for Windows"
}
JVNDB-2025-000073
Vulnerability from jvndb - Published: 2025-09-05 16:20 - Updated:2025-09-05 16:20
Severity
Summary
RATOC RAID Monitoring Manager for Windows registers a Windows service with an unquoted file path
Details
RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. contains the following vulnerability.
- Unquoted search path or element (CWE-428) - CVE-2025-58400
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000073.html",
"dc:date": "2025-09-05T16:20+09:00",
"dcterms:issued": "2025-09-05T16:20+09:00",
"dcterms:modified": "2025-09-05T16:20+09:00",
"description": "RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. contains the following vulnerability.\u003cul\u003e\u003cli\u003eUnquoted search path or element (CWE-428) - CVE-2025-58400\u003c/li\u003e\u003c/ul\u003e\r\nKazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000073.html",
"sec:cpe": {
"#text": "cpe:/a:misc:ratoc_raidutility",
"@product": "RATOC RAID Monitoring Manager",
"@vendor": "RATOC Systems, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000073",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN98737186/index.html",
"@id": "JVN#98737186",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-58400",
"@id": "CVE-2025-58400",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "RATOC RAID Monitoring Manager for Windows registers a Windows service with an unquoted file path"
}
CVE-2026-32680 (GCVE-0-2026-32680)
Vulnerability from nvd – Published: 2026-03-26 06:55 – Updated: 2026-03-26 14:13
VLAI
Summary
The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can alter contents of that folder. It may allow a non-administrative user to execute an arbitrary code with SYSTEM privilege.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect default permissions
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RATOC Systems, Inc. | RATOC RAID Monitoring Manager for Windows |
Affected:
prior to 2.00.009.260220
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T14:12:26.563846Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T14:13:14.348Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RATOC RAID Monitoring Manager for Windows",
"vendor": "RATOC Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 2.00.009.260220"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can alter contents of that folder. It may allow a non-administrative user to execute an arbitrary code with SYSTEM privilege."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T06:55:18.684Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ratocsystems.com/topics/userinfo/raidmanager202508/"
},
{
"url": "https://jvn.jp/en/jp/JVN08057419/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-32680",
"datePublished": "2026-03-26T06:55:18.684Z",
"dateReserved": "2026-03-19T02:37:43.433Z",
"dateUpdated": "2026-03-26T14:13:14.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28760 (GCVE-0-2026-28760)
Vulnerability from nvd – Published: 2026-03-26 06:54 – Updated: 2026-03-26 14:17
VLAI
Summary
The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL with the installer, an arbitrary code may be executed with the administrator privilege.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RATOC Systems, Inc. | RATOC RAID Monitoring Manager for Windows |
Affected:
prior to 2.00.009.260220
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28760",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T14:16:40.619607Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T14:17:16.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RATOC RAID Monitoring Manager for Windows",
"vendor": "RATOC Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 2.00.009.260220"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL with the installer, an arbitrary code may be executed with the administrator privilege."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T06:54:59.213Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ratocsystems.com/topics/userinfo/raidmanager202508/"
},
{
"url": "https://jvn.jp/en/jp/JVN08057419/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-28760",
"datePublished": "2026-03-26T06:54:59.213Z",
"dateReserved": "2026-03-19T02:37:39.933Z",
"dateUpdated": "2026-03-26T14:17:16.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58400 (GCVE-0-2025-58400)
Vulnerability from nvd – Published: 2025-09-05 05:36 – Updated: 2025-09-05 13:37
VLAI
Summary
RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Unquoted search path or element
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RATOC Systems, Inc. | RATOC RAID Monitoring Manager for Windows |
Affected:
prior to Ver.2.00.09.250820
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58400",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-05T13:35:58.062962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-05T13:37:08.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RATOC RAID Monitoring Manager for Windows",
"vendor": "RATOC Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.00.09.250820"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted search path or element",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-05T05:36:34.661Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ratocsystems.com/topics/userinfo/raidmanager202508/"
},
{
"url": "https://www.ratocsystems.com/dlsoft/dlsoft_storage/dlsoft_hddcase/raidmanager/"
},
{
"url": "https://jvn.jp/en/jp/JVN98737186/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-58400",
"datePublished": "2025-09-05T05:36:34.661Z",
"dateReserved": "2025-08-31T23:53:41.176Z",
"dateUpdated": "2025-09-05T13:37:08.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-32680 (GCVE-0-2026-32680)
Vulnerability from cvelistv5 – Published: 2026-03-26 06:55 – Updated: 2026-03-26 14:13
VLAI
Summary
The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can alter contents of that folder. It may allow a non-administrative user to execute an arbitrary code with SYSTEM privilege.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect default permissions
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RATOC Systems, Inc. | RATOC RAID Monitoring Manager for Windows |
Affected:
prior to 2.00.009.260220
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T14:12:26.563846Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T14:13:14.348Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RATOC RAID Monitoring Manager for Windows",
"vendor": "RATOC Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 2.00.009.260220"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can alter contents of that folder. It may allow a non-administrative user to execute an arbitrary code with SYSTEM privilege."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T06:55:18.684Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ratocsystems.com/topics/userinfo/raidmanager202508/"
},
{
"url": "https://jvn.jp/en/jp/JVN08057419/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-32680",
"datePublished": "2026-03-26T06:55:18.684Z",
"dateReserved": "2026-03-19T02:37:43.433Z",
"dateUpdated": "2026-03-26T14:13:14.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28760 (GCVE-0-2026-28760)
Vulnerability from cvelistv5 – Published: 2026-03-26 06:54 – Updated: 2026-03-26 14:17
VLAI
Summary
The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL with the installer, an arbitrary code may be executed with the administrator privilege.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RATOC Systems, Inc. | RATOC RAID Monitoring Manager for Windows |
Affected:
prior to 2.00.009.260220
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28760",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T14:16:40.619607Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T14:17:16.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RATOC RAID Monitoring Manager for Windows",
"vendor": "RATOC Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 2.00.009.260220"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL with the installer, an arbitrary code may be executed with the administrator privilege."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T06:54:59.213Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ratocsystems.com/topics/userinfo/raidmanager202508/"
},
{
"url": "https://jvn.jp/en/jp/JVN08057419/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-28760",
"datePublished": "2026-03-26T06:54:59.213Z",
"dateReserved": "2026-03-19T02:37:39.933Z",
"dateUpdated": "2026-03-26T14:17:16.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58400 (GCVE-0-2025-58400)
Vulnerability from cvelistv5 – Published: 2025-09-05 05:36 – Updated: 2025-09-05 13:37
VLAI
Summary
RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Unquoted search path or element
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RATOC Systems, Inc. | RATOC RAID Monitoring Manager for Windows |
Affected:
prior to Ver.2.00.09.250820
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58400",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-05T13:35:58.062962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-05T13:37:08.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RATOC RAID Monitoring Manager for Windows",
"vendor": "RATOC Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.00.09.250820"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted search path or element",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-05T05:36:34.661Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ratocsystems.com/topics/userinfo/raidmanager202508/"
},
{
"url": "https://www.ratocsystems.com/dlsoft/dlsoft_storage/dlsoft_hddcase/raidmanager/"
},
{
"url": "https://jvn.jp/en/jp/JVN98737186/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-58400",
"datePublished": "2025-09-05T05:36:34.661Z",
"dateReserved": "2025-08-31T23:53:41.176Z",
"dateUpdated": "2025-09-05T13:37:08.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}