Plattform
windows
Komponente
batchsigncs
Behoben in
3.318.1
CVE-2025-7619 describes a Path Traversal vulnerability discovered in BatchSignCS, a background Windows application developed by WellChoose. This vulnerability allows remote attackers to write arbitrary files to any path on the system, potentially leading to arbitrary code execution. The vulnerability affects versions 0 through 3.318 of BatchSignCS and has been resolved in version 3.318.1.
The impact of this vulnerability is significant. An attacker can exploit it by crafting a malicious website that, when visited by a user with BatchSignCS running, triggers the arbitrary file write. This allows the attacker to overwrite critical system files, inject malicious code, or gain persistent access to the compromised system. The potential for arbitrary code execution means the attacker could achieve complete control over the affected machine, including data theft, privilege escalation, and lateral movement within the network. This vulnerability shares similarities with other file write vulnerabilities where attackers leverage user interaction to gain unauthorized access.
CVE-2025-7619 was publicly disclosed on 2025-07-14. The vulnerability's ease of exploitation, combined with the potential for remote code execution, suggests a medium probability of exploitation (EPSS score likely medium). No public proof-of-concept (POC) code has been publicly released as of this writing, but the vulnerability's nature makes it likely that one will emerge. Monitor security advisories and threat intelligence feeds for updates.
Organizations using BatchSignCS for code signing or digital signature workflows are at significant risk. Systems with limited user awareness and those exposed to untrusted websites are particularly vulnerable. Shared hosting environments where multiple users share the same system could also amplify the impact of this vulnerability.
• windows / supply-chain:
Get-Process | Where-Object {$_.ProcessName -eq "BatchSignCS"}• windows / supply-chain:
Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='BatchSignCS']]]" -MaxEvents 10• windows / supply-chain: Check Autoruns for unusual entries related to BatchSignCS. • windows / supply-chain: Monitor Windows Defender for alerts related to BatchSignCS and suspicious file write activity.
disclosure
Exploit-Status
EPSS
1.06% (77% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2025-7619 is to immediately upgrade BatchSignCS to version 3.318.1 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing temporary workarounds. While a direct WAF rule is unlikely to be effective due to the nature of the vulnerability, monitoring network traffic for suspicious file write attempts to unusual locations could provide some early warning. Review BatchSignCS configuration to ensure it is running with the least privileges necessary. After upgrading, confirm the fix by attempting to trigger the vulnerability with a known malicious payload and verifying that the file write is blocked.
Actualizar BatchSignCS a la última versión disponible proporcionada por el proveedor, WellChoose. Si no hay una actualización disponible, contacte al proveedor para obtener un parche o una solución alternativa. Evite visitar sitios web no confiables mientras la aplicación está en ejecución.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-7619 is a Path Traversal vulnerability in WellChoose's BatchSignCS application, allowing attackers to write arbitrary files and potentially execute code remotely.
You are affected if you are using BatchSignCS versions 0 through 3.318. Upgrade to 3.318.1 or later to mitigate the risk.
Upgrade BatchSignCS to version 3.318.1 or later. If immediate upgrade is not possible, implement network controls to block access to malicious websites.
While no active exploitation has been confirmed, the vulnerability's nature suggests a potential for exploitation, and monitoring is advised.
Refer to WellChoose's official website and security advisories for the latest information and updates regarding CVE-2025-7619.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.