exploitDog

CVE-2025-66575

Опубликовано: 04 дек. 2025

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSystem.

Ссылки

https://github.com/veepn/veepn
Broken Link
https://veepn.com/
Product
https://www.exploit-db.com/exploits/52088
Exploit
https://www.vulncheck.com/advisories/veevpn-161-unquoted-service-path-remote-code-execution
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/52088
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:veepn:veepn:1.6.1:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00085

Низкий

7.8 High

CVSS3

Дефекты

CWE-428

Связанные уязвимости

GHSA-388g-pgp3-x5mx

CVSS3: 7.8

github

2 месяца назад

VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSystem.

EPSS

Процентиль: 25%

0.00085

Низкий

7.8 High

CVSS3

Дефекты

CWE-428