CVE-2019-25292
Unknown Unknown - Not Provided
Unquoted Service Path in Alps HID Monitor Allows Privilege Escalation

Publication date: 2026-02-06

Last updated on: 2026-02-06

Assigner: VulnCheck

Description
Alps HID Monitor Service 8.1.0.10 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\Apoint2K\HidMonitorSvc.exe to inject malicious executables and gain system-level access.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-06
Last Modified
2026-02-06
Generated
2026-06-16
AI Q&A
2026-02-06
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25292
EUVD
EUVD-2019-19405
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
alps hid_monitor_service to 8.1.0.10 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

To mitigate this vulnerability, the immediate step is to correct the unquoted service path by enclosing the executable path in double quotes.

This prevents Windows from misinterpreting the path and executing malicious executables placed in path segments.

Alternatively, ensure that no untrusted executables exist in any directory along the service path.

If possible, update or patch the Alps HID Monitor Service to a version where this issue is fixed.

Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2019-25292 is an unquoted service path vulnerability in Alps HID Monitor Service version 8.1.0.10. The service executable path "C:\\Program Files\\Apoint2K\\HidMonitorSvc.exe" is not enclosed in quotes, which allows local attackers to place malicious executables in directories along the path. When the service starts, Windows may execute the malicious executable instead of the legitimate one, leading to arbitrary code execution with elevated system-level privileges.'}] [1, 2]

Impact Analysis

This vulnerability allows a local attacker with limited privileges to escalate their privileges to system-level by exploiting the unquoted service path. By placing a malicious executable in a specific directory along the service path, the attacker can have their code executed with elevated privileges when the service starts automatically. This can lead to full control over the affected system, including the ability to execute arbitrary code, compromise system integrity, and potentially install persistent malware.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by identifying services with unquoted executable paths, especially those that start automatically and are located outside the Windows directory.'}, {'type': 'paragraph', 'content': 'One method involves using Windows Management Instrumentation Command-line (WMIC) to list services with auto start mode excluding those in the Windows directory and without quotes in their executable paths.'}, {'type': 'paragraph', 'content': "Additionally, the 'sc qc' command can be used to query the service configuration and confirm if the executable path is unquoted."}, {'type': 'list_item', 'content': 'wmic service where "startmode=\'auto\' and pathname not like \'%"%"%\' and pathname not like \'%Windows%\'%" get name,pathname,startmode'}, {'type': 'list_item', 'content': 'sc qc ApHidMonitorService'}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25292. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart