CVE-2025-12507 HIGH

CVE-2025-12507: Insecure service configuration – unquoted path

Vendor Bizerba
Product _connect.BRAIN
Weakness CWE-428
Published October 31, 2025
Last update October 31, 2025

CVSS base score

8.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

The Bizerba Communication Server (BCS) service has an unquoted service path. Because of the way Windows searches for the executable of the BCS service, malicious programs can be executed.
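A defender's check for the condition described above, as an added example (not Bizerba's code and not part of the advisory): it flags service ImagePath values that are unquoted and contain spaces, lists the earlier locations Windows would try so they can be reviewed, and produces the quoted replacement value. The service names and paths are constructed, since the real BCS install path is not given on this page.

```python
import re

# Constructed sample ImagePath values (assumptions, not taken from the advisory).
SAMPLE_SERVICES = {
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\svc.exe" -run',
    "ExampleUnquoted": r"C:\Program Files\Example Vendor\Comm Server\svc.exe -run",
    "ExampleNoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

# Shortest prefix ending in ".exe" that is followed by whitespace or end of string.
_EXE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)


def split_image_path(image_path):
    """Return (executable, arguments, quoted) for a service ImagePath string."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:  # unbalanced quote: treat the rest as the executable
            return s[1:], "", True
        return s[1:end], s[end + 1:].strip(), True
    m = _EXE.match(s)
    exe = m.group(1) if m else s.split(" ", 1)[0]
    return exe, s[len(exe):].strip(), False


def audit(image_path):
    """Return a finding dict for an unquoted path with spaces (CWE-428), else None."""
    exe, args, quoted = split_image_path(image_path)
    if quoted or " " not in exe:
        return None
    # Windows tries each space-delimited prefix (with ".exe" appended) before the
    # intended binary; review these locations for unexpected files and weak ACLs.
    candidates = [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]
    fixed = f'"{exe}"' + (f" {args}" if args else "")
    return {"candidates": candidates, "fixed": fixed}


def find_unquoted(services):
    """Map service name -> finding for every affected entry."""
    findings = {name: audit(path) for name, path in services.items()}
    return {name: f for name, f in findings.items() if f is not None}


if __name__ == "__main__":
    for name, finding in find_unquoted(SAMPLE_SERVICES).items():
        print(name, "-> review:", finding["candidates"])
        print("   quoted ImagePath:", finding["fixed"])
```

On a real host the input would be the `ImagePath` values under `HKLM\SYSTEM\CurrentControlSet\Services`, exported however the environment allows.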

Key dates

02 Disclosure timeline

October 31, 2025 CVE published
October 31, 2025 Record updated