Vulnerability in Easeus Data Recovery

CVE-2022-50914

EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.

EPSS: 0.002 (7.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.4 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2022-50914?
CVE-2022-50914 is a high-severity vulnerability in Easeus Data Recovery, classified under Unquoted Search Path or Element. CVSS score: 8.4/10. Published 2026-01-13.
How severe is CVE-2022-50914?
High severity. CVSS v3 base score is 8.4 out of 10.