A high-severity vulnerability, identified as CVE-2025-7619, exists within the BatchSignCS Windows application. This flaw allows an attacker to write arbitrary files to any location on the host system, which could be leveraged to overwrite critical system files, install malware, and ultimately lead to a full system compromise. Organizations using this software are at significant risk of unauthorized access and loss of system integrity.

The BatchSignCS application contains an Arbitrary File Write vulnerability. An attacker with the ability to interact with the application, potentially as a low-privileged user, can craft a malicious request that bypasses security checks. This allows the attacker to specify an arbitrary path and filename on the system, causing the application to write a file with attacker-controlled content to that location. This could be used to plant a malicious executable in a startup folder for persistence, overwrite a legitimate system DLL to achieve privilege escalation, or corrupt critical operating system files to cause a denial of service.

This vulnerability is rated as High severity with a CVSS score of 8.8. Successful exploitation could lead to a complete compromise of the affected Windows system. The primary business impacts include the potential for data theft of sensitive corporate or customer information, deployment of ransomware leading to significant financial loss and operational downtime, and a loss of system integrity. A compromised system could also be used as a pivot point for further attacks across the internal network, escalating the incident's scope and impact.

Immediate Action: Identify all systems running the affected BatchSignCS software and apply the security updates provided by the vendor (WellChoose) immediately. Prioritize patching on critical assets, such as servers and systems handling sensitive data. After patching, verify that the update was successfully applied.

Proactive Monitoring: Review application and Windows event logs for any unusual file write operations, especially to sensitive directories like C:\Windows\System32, C:\Program Files, or user startup folders. Implement File Integrity Monitoring (FIM) to generate alerts on unauthorized changes to critical system files. Monitor for the creation of new, unrecognized services or scheduled tasks that could indicate a persistence mechanism has been established.

Compensating Controls: If patching cannot be immediately deployed, consider the following controls:

• Temporarily disable or uninstall the BatchSignCS application if it is not essential for business operations.
• Use application control solutions (e.g., AppLocker) to prevent the execution of unauthorized files from common writeable locations.
• Ensure the service or user account running BatchSignCS operates with the principle of least privilege and is restricted from writing to system-critical directories.

Public Exploit Available: False

This is a high-severity vulnerability that poses a significant and immediate risk to the organization. The potential for a full system compromise requires an urgent response. We recommend that all system administrators immediately identify assets running the WellChoose BatchSignCS application and apply the vendor-supplied patch without delay. Although not yet listed on the CISA KEV, the severity of this flaw warrants treating it with the highest priority to prevent potential exploitation leading to data breaches or ransomware events.