CVE-2019-25273
Unquoted Service Path in Easy-Hide-IP EasyRedirect Enables Code Execution
Publication date: 2026-02-05
Last updated on: 2026-02-05
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| easy-hide-ip | easy-hide-ip | 5.0.0.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2019-25273 is an unquoted service path vulnerability found in Easy-Hide-IP version 5.0.0.3, specifically in the EasyRedirect service. The service executable path "C:\\Program Files\\Easy-Hide-IP\\rdr\\EasyRedirect.exe" is not enclosed in quotes. This allows local attackers to exploit the way Windows interprets paths with spaces, potentially injecting malicious executables.'}, {'type': 'paragraph', 'content': 'By placing a malicious executable in a location that Windows searches before the legitimate service executable, an attacker with local access can execute arbitrary code with elevated privileges.'}] [1, 2]
How can this vulnerability impact me? :
This vulnerability can allow a local attacker to escalate their privileges on the affected system by executing arbitrary code with the same privileges as the EasyRedirect service, which runs under the LocalSystem account.
Successful exploitation can lead to full system compromise, including unauthorized access to sensitive data, modification of system settings, and installation of persistent malware.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by inspecting the Windows services for unquoted service paths, specifically the EasyRedirect service related to Easy-Hide-IP version 5.0.0.3.'}, {'type': 'paragraph', 'content': 'You can use the following commands to detect the vulnerability:'}, {'type': 'list_item', 'content': 'Use WMIC to list services with automatic start mode excluding those in the Windows directory: wmic service where (startmode="auto" and pathname not like "%\\windows%") get name,pathname,startmode'}, {'type': 'list_item', 'content': 'Check the service configuration for EasyRedirect: sc qc EasyRedirect'}, {'type': 'paragraph', 'content': 'These commands help confirm the presence of the EasyRedirect service and reveal if its executable path is unquoted, which is the root cause of the vulnerability.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'Immediate mitigation involves correcting the unquoted service path to prevent arbitrary code execution.'}, {'type': 'paragraph', 'content': 'Specifically, you should:'}, {'type': 'list_item', 'content': 'Modify the EasyRedirect service executable path to be enclosed in quotes, for example: "C:\\Program Files\\Easy-Hide-IP\\rdr\\EasyRedirect.exe"'}, {'type': 'list_item', 'content': 'Ensure no malicious executables exist in directories that could be interpreted due to the unquoted path.'}, {'type': 'list_item', 'content': 'Limit local user privileges to reduce the risk of exploitation.'}, {'type': 'paragraph', 'content': 'Additionally, check for updates or patches from the vendor that address this vulnerability.'}] [1, 2]