CVE-2019-25306
Awaiting Analysis Awaiting Analysis - Queue
Unquoted Service Path Vulnerability in BlackMoon FTP Server Allows Privilege Escalation

Publication date: 2026-02-11

Last updated on: 2026-02-11

Assigner: VulnCheck

Description
BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to insert malicious code that would execute with LocalSystem account permissions during service startup.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-02-11
Generated
2026-06-16
AI Q&A
2026-02-11
EPSS Evaluated
2026-06-14
NVD
CVE-2019-25306
EUVD
EUVD-2019-19452
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
selom_ofori blackmoon_ftp_server to 3.1.2.1731 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "The vulnerability in BlackMoon FTP Server version 3.1.2.1731 is an unquoted service path issue on Windows platforms. The service's binary path contains spaces but is not enclosed in quotes, which allows local users to exploit the path by inserting malicious executables into certain directories."}, {'type': 'paragraph', 'content': 'When the service starts or the system reboots, the operating system may incorrectly interpret the unquoted path and execute the malicious code with the elevated privileges of the BlackMoon FTP Service, which runs under the LocalSystem account.'}, {'type': 'paragraph', 'content': 'This means a local attacker with write access to parts of the system path can escalate their privileges by executing arbitrary code with high system permissions.'}] [1, 2]

Impact Analysis

This vulnerability can allow a local attacker to execute arbitrary code with elevated system privileges, specifically with the LocalSystem account permissions.

Such privilege escalation can lead to unauthorized control over the affected system, enabling the attacker to install malware, access sensitive data, modify system configurations, or disrupt services.

Because the exploit requires local access and the ability to write to directories in the system path, it primarily impacts environments where untrusted users have some level of local access.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by checking the service configuration for unquoted service paths. Specifically, you can use the Windows Service Control Manager command to query the service configuration and inspect the binary path.

  • Run the command: sc qc BMFTP-RELEASE

If the binary path shown is not enclosed in quotes and contains spaces (e.g., C:\Program Files (x86)\Selom Ofori\BlackMoon FTP Server\FTPService.exe), the service is vulnerable to this unquoted service path issue.

Mitigation Strategies

Immediate mitigation involves correcting the unquoted service path by enclosing the entire binary path in quotes to prevent the system from misinterpreting the path and executing malicious code.

Alternatively, ensure that no untrusted users have write permissions to any directories in the service path to prevent insertion of malicious executables.

A recommended step is to update or patch the BlackMoon FTP Server to a version where this vulnerability is fixed, if available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25306. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart