Cyber Resilience

CVE-2025-7619

High

Published: 14 July 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v4: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0337 (87.6th percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-7619 is a high-severity Relative Path Traversal (CWE-23) vulnerability in Org (inferred from references). Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189). The CVE is ranked in the top 12.4% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

BatchSignCS, a background Windows application developed by WellChoose, contains an arbitrary file write vulnerability tracked as CVE-2025-7619 and classified as CWE-23. The flaw permits remote attackers to write files to arbitrary paths on the host system when the application is active, which can be leveraged for arbitrary code execution. It carries a CVSS 4.0 score of 8.7, reflecting a network attack vector, low complexity, and high impact on confidentiality, integrity, and availability.

A remote attacker can exploit the issue if a user visits a malicious website while BatchSignCS is running, bypassing typical user-interaction requirements and enabling direct file writes that lead to code execution. The attack requires the victim to have the affected application active but does not need elevated privileges beyond those of the running process.

Advisories published by Taiwan's TW-CERT at the referenced URLs provide further details on the vulnerability and recommended actions for affected users. The EPSS score remains flat at 0.0337 with no material increase observed since disclosure.

EU & UK References

Vulnerability details

BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attackers can write arbitrary files to any path and potentially lead to arbitrary code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1189 · Drive-by Compromise · Initial Access
Adversaries may gain access to a system through a user visiting a website over the normal course of browsing.

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Arbitrary file write (CWE-23) in a network-accessible background Windows app is directly triggered by visiting a malicious site (drive-by) and enables remote code execution via dropped/modified files.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-33494 · Shared CWE-23
CVE-2026-8361 · Shared CWE-23
CVE-2026-41948 · Shared CWE-23
CVE-2026-25057 · Shared CWE-23
CVE-2025-25130 · Shared CWE-23
CVE-2025-27553 · Shared CWE-23
CVE-2026-43533 · Shared CWE-23
CVE-2025-55747 · Shared CWE-23
CVE-2026-29778 · Shared CWE-23
CVE-2025-23011 · Shared CWE-23

Affected Assets

Org
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates CVE-2025-7619 by identifying, prioritizing, and applying patches to remediate the arbitrary file write vulnerability in BatchSignCS.

prevent

Prevents arbitrary file writes by enforcing input validation at system boundaries to block malicious web-triggered path traversal in BatchSignCS.

detect

Detects unauthorized file modifications resulting from exploitation of the BatchSignCS arbitrary file write vulnerability through software and information integrity monitoring.

References