CVE-2019-25309
Unquoted Service Path in Zilab Console Enables Privilege Escalation
Publication date: 2026-02-11
Last updated on: 2026-02-11
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zilab | remote_console_server | 3.2.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can lead to a full system compromise because attackers can execute arbitrary code with LocalSystem privileges. This means they can gain control over the entire system, potentially accessing, modifying, or deleting sensitive data, installing malware, or disrupting system availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
Can you explain this vulnerability to me?
CVE-2019-25309 is an unquoted service path vulnerability found in Zilab Remote Console Server version 3.2.9. This flaw occurs because the service executable path is not enclosed in quotes, allowing local attackers to place malicious executables in locations that the system may mistakenly execute instead of the intended service binary.
When exploited, this vulnerability enables attackers with local access to execute arbitrary code with elevated system privileges, specifically running under the LocalSystem account, which has very high permissions on the affected system.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability can be detected by checking the service configuration for unquoted service paths, specifically for the Zilab Remote Console Server service named 'zrcs'."}, {'type': 'paragraph', 'content': 'A common method is to query the service executable path and verify if it is enclosed in quotes. For example, on a Windows system, you can use the following command to check the service path:'}, {'type': 'list_item', 'content': 'sc qc zrcs'}, {'type': 'paragraph', 'content': 'If the executable path returned is not enclosed in quotes and contains spaces (e.g., C:\\Program Files (x86)\\Zilab\\ZRCS\\ZRCS.exe), the service is vulnerable to this unquoted service path issue.'}, {'type': 'paragraph', 'content': 'Additionally, you can manually inspect the service path in the Windows Registry under: HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\zrcs'}] [1, 2]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'To mitigate this vulnerability immediately, you should correct the unquoted service path by enclosing the executable path in double quotes.'}, {'type': 'paragraph', 'content': 'This prevents the system from misinterpreting the path and executing malicious executables placed in directories along the path.'}, {'type': 'list_item', 'content': 'Modify the service configuration to quote the executable path, for example: "C:\\Program Files (x86)\\Zilab\\ZRCS\\ZRCS.exe"'}, {'type': 'list_item', 'content': 'Restart the affected service after making the change to ensure the new configuration is applied.'}, {'type': 'paragraph', 'content': 'Additionally, restrict local user permissions to prevent unauthorized users from placing executables in directories referenced by the service path.'}] [1, 2]