CVE-2025-7619
Published: 14 July 2025
Summary
CVE-2025-7619 is a high-severity Relative Path Traversal (CWE-23) vulnerability in BatchSignCS, a Windows application developed by WellChoose. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189). The CVE ranks in the top 12.4% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
BatchSignCS, a background Windows application developed by WellChoose, contains an arbitrary file write vulnerability tracked as CVE-2025-7619 and classified as CWE-23. The flaw permits remote attackers to write files to arbitrary paths on the host system when the application is active, which can be leveraged for arbitrary code execution. It carries a CVSS 4.0 score of 8.7, reflecting a network attack vector, low complexity, and high impact on confidentiality, integrity, and availability.
A remote attacker can exploit the issue if a user visits a malicious website while BatchSignCS is running, bypassing typical user-interaction requirements and enabling direct file writes that lead to code execution. The attack requires the victim to have the affected application active but does not need elevated privileges beyond those of the running process.
Advisories published by Taiwan's TW-CERT at the referenced URLs provide further details on the vulnerability and recommended actions for affected users. The EPSS score remains flat at 0.0337 with no material increase observed since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21300
Vulnerability details
BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attackers can write arbitrary files to any path and potentially lead to arbitrary code execution.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Arbitrary file write (CWE-23) in a network-accessible background Windows app is directly triggered by visiting a malicious site (drive-by) and enables remote code execution via dropped/modified files.
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates CVE-2025-7619 by identifying, prioritizing, and applying patches to remediate the arbitrary file write vulnerability in BatchSignCS.
- Prevents arbitrary file writes by enforcing input validation at system boundaries to block malicious web-triggered path traversal in BatchSignCS.
- Detects unauthorized file modifications resulting from exploitation of the BatchSignCS arbitrary file write vulnerability through software and information integrity monitoring.
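
The input validation control (SI-10) named above, sketched for a Windows service that writes files on behalf of a remote request. This is an added example, not WellChoose's code or fix: `BASE_DIR`, `confine` and the sample names are hypothetical, and the check is lexical only (it does not resolve junctions or symlinks on disk).

```python
import ntpath  # Windows path rules, usable on any OS

# Hypothetical output directory; the page does not say where BatchSignCS writes.
BASE_DIR = r"C:\ProgramData\ExampleSigner\out"

_RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{p}{n}" for p in ("COM", "LPT") for n in range(1, 10)
}


def confine(base_dir: str, requested: str) -> str:
    """Return the absolute path for `requested` under `base_dir`, or raise ValueError."""
    if not requested or "\x00" in requested:
        raise ValueError("empty name or NUL byte")
    # Windows accepts both separators, so normalise before any check.
    candidate = requested.replace("/", "\\")
    drive, _ = ntpath.splitdrive(candidate)
    # Rejects C:\x, drive-relative C:x, UNC \\host\share\x and rooted \x.
    if drive or candidate.startswith("\\"):
        raise ValueError("absolute, drive-qualified or UNC path")
    for part in candidate.split("\\"):
        if part in ("", ".", ".."):
            raise ValueError("empty or dot path segment")
        if ":" in part:  # alternate data stream, e.g. a.txt:stream
            raise ValueError("colon in path segment")
        if part != part.rstrip(". "):  # Win32 silently strips these
            raise ValueError("trailing dot or space")
        if part.split(".")[0].upper() in _RESERVED:
            raise ValueError("reserved device name")
    base = ntpath.normpath(base_dir)
    full = ntpath.normpath(ntpath.join(base, candidate))
    # Defence in depth: the normalised result must still sit under the base.
    if not ntpath.normcase(full).startswith(ntpath.normcase(base) + "\\"):
        raise ValueError("escapes base directory")
    return full
```
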