CVE-2025-54081: Sc Unquoted Search Path
greprules fetch cve-2025-54081-sc-unquoted-search-path --engine opengrep
Description
The script creates or configures a Windows service using `sc` but fails to properly escape the `binPath` value. Because `sc.exe` strips the outermost quotes during argument parsing, passing a normally-quoted string (like `"%PATH%"`) results in the service's registry ImagePath being saved without quotes. If the path evaluated at runtime contains spaces, this
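
The quote stripping described above can be checked offline. The following is an added example, not part of this rule or of the affected project: it splits a command line with the Microsoft C runtime quoting rules and returns the `binPath` value that `sc` would store as ImagePath. The service name `Demo`, the sample paths and the `.exe` heuristic are assumptions, and `%VAR%` expansion by cmd.exe is not modelled.

```python
import re

# Constructed sample (not from the page): outer quotes only, path with spaces.
SAMPLE = r'sc create Demo binPath= "C:\Program Files\Demo App\svc.exe"'

def split_windows_argv(cmdline):
    """Split a command line using the Microsoft C runtime quote/backslash rules."""
    args, cur, in_quotes, started, i = [], [], False, False, 0
    while i < len(cmdline):
        ch = cmdline[i]
        if ch == "\\":
            n = len(re.match(r"\\+", cmdline[i:]).group(0))
            j, started = i + n, True
            if j < len(cmdline) and cmdline[j] == '"':
                cur.append("\\" * (n // 2))
                if n % 2:
                    cur.append('"')            # \" yields a literal quote
                else:
                    in_quotes = not in_quotes  # unescaped quote toggles quoting
                i = j                          # the quote itself is consumed
            else:
                cur.append("\\" * n)           # backslashes stay literal
                i = j - 1
        elif ch == '"':
            in_quotes, started = not in_quotes, True   # stripped, never stored
        elif ch in " \t" and not in_quotes:
            if started:
                args.append("".join(cur))
            cur, started = [], False
        else:
            cur.append(ch)
            started = True
        i += 1
    if started:
        args.append("".join(cur))
    return args

def stored_binpath(cmdline):
    """Return the binPath value sc.exe receives, which becomes ImagePath."""
    argv = split_windows_argv(cmdline)
    for k, arg in enumerate(argv):
        if arg.lower().startswith("binpath="):
            return arg[8:] or (argv[k + 1] if k + 1 < len(argv) else None)
    return None

def is_ambiguous(image_path):
    """Heuristic (assumption): unquoted, with a space before the first '.exe'."""
    head = re.match(r'(?i)[^"].*?\.exe|[^"].*', image_path)
    return bool(head) and " " in head.group(0)
```

With escaped inner quotes, `binPath= "\"C:\Program Files\Demo App\svc.exe\""`, `stored_binpath` returns the path with its quotes intact and `is_ambiguous` returns False.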
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided