CVE-2023-53912 HIGH

CVE-2023-53912: USB Flash Drives Control 4.1.0.0 Unquoted Service Path Privilege Escalation

Vendor Binisoft
Product USB Flash Drives Control
Weakness CWE-428
Published December 17, 2025
Last update April 7, 2026

CVSS base score

8.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

USB Flash Drives Control 4.1.0.0 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\USB Flash Drives Control\usbcs.exe' to inject malicious executables and escalate privileges on Windows systems.

Key dates

02Disclosure timeline

December 17, 2025 CVE published
April 7, 2026 Record updated