# CVE-2025-9043
## Description
An **Unquoted Search Path or Element** vulnerability (CWE-428) exists in **Seagate Toolkit** on Windows versions prior to **2.34.0.33**.
The service executable path is not properly quoted, allowing an attacker with **administrative privileges** and **write access** to the root of the affected directory to place a malicious `Program.exe` file. When the vulnerable service is started, the malicious binary executes with **SYSTEM** privileges.
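The check below is an added example, not part of the original advisory or of Seagate's code: a read-only PowerShell audit that lists services whose `PathName` is unquoted and contains a space, along with the intermediate paths Windows would try before the intended executable. The function names are hypothetical and the sample paths are constructed for illustration.

```powershell
# Added example: read-only audit for unquoted service paths (CWE-428).
# Function names are hypothetical; sample paths are constructed.

function Get-UnquotedPathCandidate {
    param([Parameter(Mandatory)][string]$ImagePath)

    $path = $ImagePath.Trim()
    if ($path.StartsWith('"')) { return }          # quoted: parsed unambiguously

    # Isolate the executable portion, dropping any service arguments.
    $m = [regex]::Match($path, '^(.*?\.exe)(\s|$)', 'IgnoreCase')
    if (-not $m.Success) { return }
    $exe = $m.Groups[1].Value

    # Each space-delimited prefix is tried as "<prefix>.exe" before the real file.
    $idx = $exe.IndexOf(' ')
    while ($idx -ge 0) {
        $exe.Substring(0, $idx) + '.exe'
        $idx = $exe.IndexOf(' ', $idx + 1)
    }
}

function Find-UnquotedServicePath {
    # Win32_Service.PathName is the ImagePath the Service Control Manager launches.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName } |
        ForEach-Object {
            $c = @(Get-UnquotedPathCandidate -ImagePath $_.PathName)
            if ($c.Count -gt 0) {
                [pscustomobject]@{
                    Service    = $_.Name
                    RunsAs     = $_.StartName
                    PathName   = $_.PathName
                    TriedFirst = $c -join '; '
                }
            }
        }
}

# Constructed samples: the first is flagged, the other two are not.
$samples = @(
    'C:\Program Files\Vendor App\svc.exe -k run',
    '"C:\Program Files\Vendor App\svc.exe" -k run',
    'C:\Windows\System32\svchost.exe -k netsvcs'
)
foreach ($s in $samples) {
    '{0}  ->  {1}' -f $s, (@(Get-UnquotedPathCandidate -ImagePath $s) -join '; ')
}

Find-UnquotedServicePath | Format-Table -AutoSize -Wrap
```

For each flagged service, confirm that non-administrators cannot write to the directories named under `TriedFirst` and that the service path is quoted; for Seagate Toolkit, update to 2.34.0.33 or later.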
## Affected Product
- **Vendor:** Seagate Technology
- **Product:** Seagate Toolkit
- **Platform:** Windows
- **Version:** Prior to 2.34.0.33
- **Component:** Service executable path
## Vulnerability Details
- **Vulnerability Type:** Unquoted Search Path or Element (CWE-428)
- **Attack Type:** Local
- **Impact:**
  - Escalation to SYSTEM privileges
- **CVE ID:** [CVE-2025-9043](https://nvd.nist.gov/vuln/detail/CVE-2025-9043)
- **CVSS Score (CNA):** 6.7 (Medium)
- **CVSS Vector:** `CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N`
## Discoverer
Natthawut Saexu
## Proof of Concept (PoC)
The tester prepared a malicious DLL and a script to continuously copy it to the user-controlled path.

The tester ran the installer and changed the installation path to a user-controllable location.

After the installation completed, the tester gained a reverse shell back to the attack machine with SYSTEM privileges.


## References
- [NVD – CVE-2025-9043](https://nvd.nist.gov/vuln/detail/CVE-2025-9043)
- [MITRE CVE Record](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9043)
- [Vendor Advisory – Seagate](https://www.seagate.com/product-security/#security-advisories)