【Vulnerability Alert】Weiqiao Information Developed Signature Service (BatchSignCS) has Arbitrary File Write vulnerability

Date Posted: 2025/07/15

Subject: 【Vulnerability Alert】Weiqiao Information Developed Signature Service (BatchSignCS) has Arbitrary File Write vulnerability

Content Description:
- Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202507-00000008
- 【Weiqiao Information | Signature Service (BatchSignCS) - Arbitrary File Write through Path Traversal】(CVE-2025-7619, CVSS: 8.8) Weiqiao Information's developed Signature Service (BatchSignCS) is a Windows background program. It has an Arbitrary File Write vulnerability. When the program is open, if a user browses a malicious website, a remote attacker can write arbitrary files to any path, and potentially exploit this vulnerability to execute arbitrary code.
Affected Platforms:
- Signature Service (BatchSignCS) version 3.138 (inclusive) and earlier
Suggested Measures:
- Update to version 3.145 (inclusive) and later
References:
- https://www.twcert.org.tw/tw/cp-132-10239-770ab-1.html

Computer and Communications Center
Network Systems Division Respectfully