CVE-2021-47805

low-risk

Published 2026-01-16

Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries to inject malicious executables that will be run with elevated LocalSystem privileges.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (1)

Disksavvy

Affected Vendors

Flexense

References (3)

Product https://www.disksavvy.com

Exploit https://www.exploit-db.com/exploits/50024

Third Party Advisory https://www.vulncheck.com/advisories/disk-savvy-multiple-unquoted-service-path

/ 100

low-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal