Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-25307

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-11 Feb, 2026 | 14:56
Updated At-11 Feb, 2026 | 21:15
Rejected At-
Credits

WorkgroupMail 7.5.1 - 'WorkgroupMail' Unquoted Service Path

WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:11 Feb, 2026 | 14:56
Updated At:11 Feb, 2026 | 21:15
Rejected At:
â–¼CVE Numbering Authority (CNA)
WorkgroupMail 7.5.1 - 'WorkgroupMail' Unquoted Service Path

WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.

Affected Products
Vendor
Softalk
Product
WorkgroupMail
Versions
Affected
  • 7.5.1
Problem Types
TypeCWE IDDescription
CWECWE-428Unquoted Search Path or Element
Type: CWE
CWE ID: CWE-428
Description: Unquoted Search Path or Element
Metrics
VersionBase scoreBase severityVector
4.08.5HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Cakes
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/47523
exploit
http://html.tucows.com/preview/195580/WorkgroupMail-Mail-Server?q=pop3
product
https://www.vulncheck.com/advisories/workgroupmail-workgroupmail-unquoted-service-path
third-party-advisory
Hyperlink: https://www.exploit-db.com/exploits/47523
Resource:
exploit
Hyperlink: http://html.tucows.com/preview/195580/WorkgroupMail-Mail-Server?q=pop3
Resource:
product
Hyperlink: https://www.vulncheck.com/advisories/workgroupmail-workgroupmail-unquoted-service-path
Resource:
third-party-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:11 Feb, 2026 | 15:16
Updated At:11 Feb, 2026 | 15:27

WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.5HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-428Primarydisclosure@vulncheck.com
CWE ID: CWE-428
Type: Primary
Source: disclosure@vulncheck.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://html.tucows.com/preview/195580/WorkgroupMail-Mail-Server?q=pop3disclosure@vulncheck.com
N/A
https://www.exploit-db.com/exploits/47523disclosure@vulncheck.com
N/A
https://www.vulncheck.com/advisories/workgroupmail-workgroupmail-unquoted-service-pathdisclosure@vulncheck.com
N/A
Hyperlink: http://html.tucows.com/preview/195580/WorkgroupMail-Mail-Server?q=pop3
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/47523
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/workgroupmail-workgroupmail-unquoted-service-path
Source: disclosure@vulncheck.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

258Records found
CVE-2021-47804
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 0.47%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:25
Updated-05 Mar, 2026 | 01:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wise Care 365 5.6.7.568 - 'WiseBootAssistant' Unquoted Service Path

Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant service running with LocalSystem privileges. Attackers can exploit this by inserting a malicious executable in the service path, which will execute with elevated system privileges when the service restarts.

Action-Not Available
Vendor-Wisecleaner
Product-Wise Care
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47884
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.02% / 4.66%
||
7 Day CHG~0.00%
Published-21 Jan, 2026 | 17:27
Updated-05 Mar, 2026 | 01:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Configuration Tool 1.6.53 - 'OpLclSrv' Unquoted Service Path

OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe' to inject malicious executables and escalate privileges.

Action-Not Available
Vendor-OKI
Product-Configuration Tool
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-0237
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-4||MEDIUM
EPSS-0.06% / 18.80%
||
7 Day CHG~0.00%
Published-17 Mar, 2022 | 22:30
Updated-16 Sep, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rapid7 Insight Agent Privilege Escalation

Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80.

Action-Not Available
Vendor-Rapid7 LLC
Product-insight_agentInsight Agent
CWE ID-CWE-264
Not Available
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47889
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.02% / 4.66%
||
7 Day CHG~0.00%
Published-23 Jan, 2026 | 16:47
Updated-26 Jan, 2026 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Softros LAN Messenger 9.6.4 - 'SoftrosSpellChecker' Unquoted Service Path

Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellChecker service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Softros Systems\Softros Messenger\Spell Checker\' to inject malicious executables and escalate privileges.

Action-Not Available
Vendor-Softros Systems
Product-LAN Messenger
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47880
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.02% / 4.66%
||
7 Day CHG~0.00%
Published-21 Jan, 2026 | 17:27
Updated-26 Jan, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Realtek Wireless LAN Utility 700.1631 - 'Realtek11nSU' Unquoted Service Path

Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path by inserting malicious code in the system root path that would execute during application startup or system reboot.

Action-Not Available
Vendor-Realtek Semiconductor Corp.
Product-Realtek Wireless LAN Utility
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47883
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.02% / 3.89%
||
7 Day CHG~0.00%
Published-21 Jan, 2026 | 17:27
Updated-05 Mar, 2026 | 01:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sandboxie Plus v0.7.2 - 'SbieSvc' Unquoted Service Path

Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during service startup.

Action-Not Available
Vendor-Sandboxie-Plus
Product-Sandboxie Plus
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47826
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 0.50%
||
7 Day CHG~0.00%
Published-16 Jan, 2026 | 19:09
Updated-26 Jan, 2026 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acer Backup Manager Module 3.0.0.99 - 'IScheduleSvc.exe' Unquoted Service Path

Acer Backup Manager 3.0.0.99 contains an unquoted service path vulnerability in the NTI IScheduleSvc service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\NTI\Acer Backup Manager\ to inject malicious executables that would run with elevated LocalSystem privileges.

Action-Not Available
Vendor-Acer Inc.
Product-Acer Backup Manager Module
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-45819
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.04% / 10.72%
||
7 Day CHG~0.00%
Published-03 Mar, 2022 | 14:04
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service path which allows attackers to escalate privileges to the system level.

Action-Not Available
Vendor-wordlinen/a
Product-hidccemonitorsvcn/a
CWE ID-CWE-428
Unquoted Search Path or Element
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found