USB Flash Drives Control 4.1.0.0 Unquoted Service Path Privilege Escalation

Advisories

severity: high
date: December 17, 2025
Affecting: USB Flash Drives Control 4.1.0.0
CVE: CVE-2023-53912
CWE: CWE-428 Unquoted Search Path or Element
CVSS: 8.5
CVSS V4 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: ExploitDB-51508
Official Product Webpage
Credit: Jeffrey Bencteux
Description: USB Flash Drives Control 4.1.0.0 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\USB Flash Drives Control\usbcs.exe' to inject malicious executables and escalate privileges on Windows systems.