Vulnerability in Easeus Data Recovery
CVE-2022-50914
EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.
EPSS: 0.002 (7.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.4 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Easeus Data Recovery — versions 15.1.0.0
Weakness classification (CWE)
References
- disclosure@vulncheck.com (exploit)
- disclosure@vulncheck.com (product)
- disclosure@vulncheck.com (third-party-advisory)
Frequently asked questions
- What is CVE-2022-50914?
- CVE-2022-50914 is a high-severity vulnerability in Easeus Data Recovery, classified under Unquoted Search Path or Element. CVSS score: 8.4/10. Published 2026-01-13.
- How severe is CVE-2022-50914?
- High severity. CVSS v3 base score is 8.4 out of 10.