CVE-2025-66575

Sažetak

VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSystem.

Reference

https://github.com/veepn/veepn
https://veepn.com/
https://www.exploit-db.com/exploits/52088
https://www.vulncheck.com/advisories/veevpn-161-unquoted-service-path-remote-code-execution
https://www.exploit-db.com/exploits/52088

CVSS

Base:	7.8
Impact:	5.9
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

30-12-2025 - 16:33

Objavljeno

04-12-2025 - 21:16