CVE-2019-25273
Unknown Unknown - Not Provided
Unquoted Service Path in Easy-Hide-IP EasyRedirect Enables Code Execution

Publication date: 2026-02-05

Last updated on: 2026-02-05

Assigner: VulnCheck

Description
Easy-Hide-IP 5.0.0.3 contains an unquoted service path vulnerability in the EasyRedirect service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe' to inject malicious executables and escalate privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-05
Last Modified
2026-02-05
Generated
2026-06-16
AI Q&A
2026-02-05
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25273
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
easy-hide-ip easy-hide-ip 5.0.0.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2019-25273 is an unquoted service path vulnerability found in Easy-Hide-IP version 5.0.0.3, specifically in the EasyRedirect service. The service executable path "C:\\Program Files\\Easy-Hide-IP\\rdr\\EasyRedirect.exe" is not enclosed in quotes. This allows local attackers to exploit the way Windows interprets paths with spaces, potentially injecting malicious executables.'}, {'type': 'paragraph', 'content': 'By placing a malicious executable in a location that Windows searches before the legitimate service executable, an attacker with local access can execute arbitrary code with elevated privileges.'}] [1, 2]

Impact Analysis

This vulnerability can allow a local attacker to escalate their privileges on the affected system by executing arbitrary code with the same privileges as the EasyRedirect service, which runs under the LocalSystem account.

Successful exploitation can lead to full system compromise, including unauthorized access to sensitive data, modification of system settings, and installation of persistent malware.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by inspecting the Windows services for unquoted service paths, specifically the EasyRedirect service related to Easy-Hide-IP version 5.0.0.3.'}, {'type': 'paragraph', 'content': 'You can use the following commands to detect the vulnerability:'}, {'type': 'list_item', 'content': 'Use WMIC to list services with automatic start mode excluding those in the Windows directory: wmic service where (startmode="auto" and pathname not like "%\\windows%") get name,pathname,startmode'}, {'type': 'list_item', 'content': 'Check the service configuration for EasyRedirect: sc qc EasyRedirect'}, {'type': 'paragraph', 'content': 'These commands help confirm the presence of the EasyRedirect service and reveal if its executable path is unquoted, which is the root cause of the vulnerability.'}] [1]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'Immediate mitigation involves correcting the unquoted service path to prevent arbitrary code execution.'}, {'type': 'paragraph', 'content': 'Specifically, you should:'}, {'type': 'list_item', 'content': 'Modify the EasyRedirect service executable path to be enclosed in quotes, for example: "C:\\Program Files\\Easy-Hide-IP\\rdr\\EasyRedirect.exe"'}, {'type': 'list_item', 'content': 'Ensure no malicious executables exist in directories that could be interpreted due to the unquoted path.'}, {'type': 'list_item', 'content': 'Limit local user privileges to reduce the risk of exploitation.'}, {'type': 'paragraph', 'content': 'Additionally, check for updates or patches from the vendor that address this vulnerability.'}] [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25273. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart