CVE-2019-25269
Unquoted Service Path in Amiti Antivirus Enables Privilege Escalation
Publication date: 2026-02-05
Last updated on: 2026-02-05
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netgate | amiti_antivirus | to 25.0.640 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'Amiti Antivirus version 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. This means that the paths to the service executables are not enclosed in quotes, which is problematic because the paths contain spaces.'}, {'type': 'paragraph', 'content': 'Due to this misconfiguration, Windows may incorrectly interpret the service path and execute a malicious executable placed by an attacker in a higher-priority directory, such as "C:\\Program.exe".'}, {'type': 'paragraph', 'content': 'This vulnerability allows an attacker with local access to inject and execute arbitrary code with elevated LocalSystem privileges by placing malicious files in specific directory locations.'}] [2, 3]
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': 'The vulnerability can lead to local privilege escalation, allowing an attacker to execute arbitrary code with LocalSystem privileges, which is the highest level of privilege on a Windows system.'}, {'type': 'paragraph', 'content': 'An attacker exploiting this flaw can gain full control over the affected system, potentially installing malware, stealing sensitive data, or disrupting system operations.'}, {'type': 'paragraph', 'content': "Since the affected services are set to auto-start and run under the LocalSystem account, the impact is severe and can compromise the entire system's security."}] [2, 3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking the service configuration for unquoted service paths in Amiti Antivirus services.'}, {'type': 'paragraph', 'content': "Specifically, you can use the Windows command line tool 'sc' to query the service configuration and look for unquoted executable paths."}, {'type': 'list_item', 'content': 'Run the command: sc qc AmitiAvHealth'}, {'type': 'list_item', 'content': 'Run the command: sc qc AmitiAvSrv'}, {'type': 'paragraph', 'content': 'If the binary paths returned by these commands are not enclosed in quotes and contain spaces, the system is vulnerable to this unquoted service path issue.'}] [3]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should correct the service executable paths by enclosing them in quotes to prevent Windows from misinterpreting the path.
Alternatively, ensure that no malicious executables exist in directories that could be interpreted as part of the unquoted path.
If possible, update Amiti Antivirus to a version that addresses this vulnerability or apply any vendor-provided patches.
As a temporary measure, restrict local user access to the system to prevent placing malicious executables in the vulnerable path locations.