Cyber Posture

CVE-2025-7619

High

Published: 14 July 2025

Published
14 July 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0337 87.4th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-7619 is a high-severity Relative Path Traversal (CWE-23) vulnerability in Org (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189); ranked in the top 12.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Drive-by Compromise (T1189) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates CVE-2025-7619 by identifying, prioritizing, and applying patches to remediate the arbitrary file write vulnerability in BatchSignCS.

SI-10 Information Input Validation good match
prevent

Prevents arbitrary file writes by enforcing input validation at system boundaries to block malicious web-triggered path traversal in BatchSignCS.

SI-7 Software, Firmware, and Information Integrity partial match
detect

Detects unauthorized file modifications resulting from exploitation of the BatchSignCS arbitrary file write vulnerability through software and information integrity monitoring.

MITRE ATT&CK Enterprise TechniquesAI

T1189 Drive-by Compromise Initial Access
Adversaries may gain access to a system through a user visiting a website over the normal course of browsing.
attack.mitre.org →
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Arbitrary file write (CWE-23) in a network-accessible background Windows app is directly triggered by visiting a malicious site (drive-by) and enables remote code execution via dropped/modified files.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attackers can write arbitrary files to any path and potentially lead to arbitrary…

more

code execution.

Deeper analysisAI

CVE-2025-7619 is an Arbitrary File Write vulnerability (CWE-23) in BatchSignCS, a background Windows application developed by WellChoose. Published on 2025-07-14, the issue has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.

The vulnerability is exploitable when a user visits a malicious website while BatchSignCS is running. Remote attackers require low privileges and can write arbitrary files to any path on the system, potentially leading to arbitrary code execution.

Advisories published by TWCERT provide further details on the issue, available at https://www.twcert.org.tw/en/cp-139-10240-00f86-2.html and https://www.twcert.org.tw/tw/cp-132-10239-770ab-1.html. Security practitioners should consult these for recommended mitigations and patches.

Details

CWE(s)
CWE-23

Affected Products

Org
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-25130Shared CWE-23
CVE-2026-33494Shared CWE-23
CVE-2026-25057Shared CWE-23
CVE-2024-56340Shared CWE-23
CVE-2026-29778Shared CWE-23
CVE-2025-20059Shared CWE-23
CVE-2025-2056Shared CWE-23
CVE-2026-32725Shared CWE-23
CVE-2024-52012Shared CWE-23
CVE-2026-30345Shared CWE-23

References