CVE-2019-25306
Unquoted Service Path Vulnerability in BlackMoon FTP Server Allows Privilege Escalation
Publication date: 2026-02-11
Last updated on: 2026-02-11
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| selom_ofori | blackmoon_ftp_server | to 3.1.2.1731 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "The vulnerability in BlackMoon FTP Server version 3.1.2.1731 is an unquoted service path issue on Windows platforms. The service's binary path contains spaces but is not enclosed in quotes, which allows local users to exploit the path by inserting malicious executables into certain directories."}, {'type': 'paragraph', 'content': 'When the service starts or the system reboots, the operating system may incorrectly interpret the unquoted path and execute the malicious code with the elevated privileges of the BlackMoon FTP Service, which runs under the LocalSystem account.'}, {'type': 'paragraph', 'content': 'This means a local attacker with write access to parts of the system path can escalate their privileges by executing arbitrary code with high system permissions.'}] [1, 2]
How can this vulnerability impact me? :
This vulnerability can allow a local attacker to execute arbitrary code with elevated system privileges, specifically with the LocalSystem account permissions.
Such privilege escalation can lead to unauthorized control over the affected system, enabling the attacker to install malware, access sensitive data, modify system configurations, or disrupt services.
Because the exploit requires local access and the ability to write to directories in the system path, it primarily impacts environments where untrusted users have some level of local access.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the service configuration for unquoted service paths. Specifically, you can use the Windows Service Control Manager command to query the service configuration and inspect the binary path.
- Run the command: sc qc BMFTP-RELEASE
If the binary path shown is not enclosed in quotes and contains spaces (e.g., C:\Program Files (x86)\Selom Ofori\BlackMoon FTP Server\FTPService.exe), the service is vulnerable to this unquoted service path issue.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves correcting the unquoted service path by enclosing the entire binary path in quotes to prevent the system from misinterpreting the path and executing malicious code.
Alternatively, ensure that no untrusted users have write permissions to any directories in the service path to prevent insertion of malicious executables.
A recommended step is to update or patch the BlackMoon FTP Server to a version where this vulnerability is fixed, if available.