← volver
CVE-2025-12286

VeePN AVService avservice.exe unquoted search path

CVSS 7.3 HIGHEPSS 0.2%CWE-426CWE-428
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
27 oct 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A weakness has been identified in VeePN up to 1.6.2. This affects an unknown function of the file C:\Program Files (x86)\VeePN\avservice\avservice.exe of the component AVService. This manipulation causes unquoted search path. The attack requires local access. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X
Productos afectados
n/a · VeePN

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/lakshayyverma/CVE-Discovery/blob/main/VeePn.mdhttps://vuldb.com/?ctiid.329954https://vuldb.com/?id.329954https://vuldb.com/?submit.672512https://vuldb.com/?submit.682569