CVE-2019-25310
Awaiting Analysis Awaiting Analysis - Queue
Unquoted Service Path in ActiveFax Server Enables Privilege Escalation

Publication date: 2026-02-11

Last updated on: 2026-02-11

Assigner: VulnCheck

Description
ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated administrative privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-02-11
Generated
2026-06-16
AI Q&A
2026-02-11
EPSS Evaluated
2026-06-14
NVD
CVE-2019-25310
EUVD
EUVD-2019-19455
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
actfax activefax 6.92
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "This vulnerability exists in ActiveFax Server 6.92 Build 0316 and is an unquoted service path issue in the ActiveFaxServiceNT service. Because the service's binary path is not enclosed in quotes, Windows may misinterpret the path and allow a local attacker to place a malicious executable in a location that gets executed instead of the intended program."}, {'type': 'paragraph', 'content': 'This means that an attacker with local access can exploit this misconfiguration to execute arbitrary code with elevated administrative privileges.'}] [1]

Impact Analysis

The vulnerability allows local attackers to escalate their privileges by executing arbitrary code with administrative rights. This can lead to full control over the affected system, enabling attackers to install malware, steal sensitive data, or disrupt system operations.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by checking the service path of the ActiveFaxServiceNT service for unquoted paths on Windows systems.

  • Use the command: sc qc ActiveFaxServiceNT
  • Look for the BINARY_PATH_NAME output and verify if the path is unquoted, for example: C:\Program Files\ActiveFax\Server\ActSrvNT.exe without surrounding quotes.

An unquoted service path indicates the presence of this vulnerability, as it allows local attackers to place malicious executables in path segments that Windows may execute with elevated privileges.

Mitigation Strategies

[{'type': 'paragraph', 'content': 'To mitigate this vulnerability, immediately update the service path to include quotes around the executable path to prevent path parsing issues.'}, {'type': 'list_item', 'content': 'Modify the service configuration to quote the binary path, for example: "C:\\Program Files\\ActiveFax\\Server\\ActSrvNT.exe"'}, {'type': 'list_item', 'content': 'If possible, update or patch ActiveFax Server to a version where this vulnerability is fixed.'}, {'type': 'list_item', 'content': 'Restrict local user permissions to prevent unauthorized users from placing executables in directories referenced by the service path.'}, {'type': 'paragraph', 'content': 'These steps help prevent local attackers from exploiting the unquoted service path to execute arbitrary code with elevated privileges.'}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25310. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart