CVE-2019-25275
Unquoted Service Path in BartVPNService Enables Privilege Escalation
Publication date: 2026-02-05
Last updated on: 2026-02-05
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bartvpn | bartvpn | 1.2.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "BartVPN version 1.2.2 contains an unquoted service path vulnerability in its Windows service named 'BartVPNService'. This vulnerability arises because the service's binary path is not enclosed in quotes and contains spaces, which allows local attackers to place malicious executables in specific file system locations. When the service starts, it may execute these malicious executables instead of the legitimate one, leading to arbitrary code execution with elevated system privileges."}, {'type': 'paragraph', 'content': 'The service runs under the LocalSystem account and is configured to auto-start, which means exploitation can lead to privilege escalation on the affected system.'}] [2, 3]
How can this vulnerability impact me? :
This vulnerability allows a local attacker with access to the affected system to execute arbitrary code with elevated system privileges. This means the attacker can gain control over the system at a high privilege level, potentially leading to unauthorized access, modification, or deletion of sensitive data, disruption of system availability, and compromise of system integrity.
Because the service runs with LocalSystem privileges, exploitation can result in full system compromise.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the service configuration for unquoted service paths, especially those containing spaces. An unquoted path can be exploited by placing malicious executables in certain locations.
A suggested command to detect this vulnerability on a Windows system is to query the service configuration using the command:
- sc qc BartVPNService
This command will display the binary path of the BartVPNService. If the path is unquoted and contains spaces, the system is vulnerable to this unquoted service path issue.
What immediate steps should I take to mitigate this vulnerability?
I don't know