CVE-2019-25345
Awaiting Analysis Awaiting Analysis - Queue
Unquoted Service Path in Realtek IIS Codec Allows Code Execution

Publication date: 2026-02-12

Last updated on: 2026-02-13

Assigner: VulnCheck

Description
Realtek IIS Codec Service 6.4.10041.133 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service configuration to inject malicious executables and escalate privileges on the system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-12
Last Modified
2026-02-13
Generated
2026-06-16
AI Q&A
2026-02-12
EPSS Evaluated
2026-06-14
NVD
CVE-2019-25345
EUVD
EUVD-2019-19485
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
realtek iis_codec_service 6.4.10041.133
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'This vulnerability exists in the Realtek IIS Codec Service version 6.4.10041.133 and is caused by an unquoted service path in the service configuration. Because the service path contains spaces but is not enclosed in quotes, a local attacker can place a malicious executable in a location that the system will execute instead of the legitimate service executable.'}, {'type': 'paragraph', 'content': 'Specifically, the vulnerable service named "RtkI2SCodec" runs an executable located at "C:\\Program Files\\Realtek\\Audio\\IIS\\RtkI2SAudioService64.exe" with automatic start on Windows systems. The unquoted path allows an attacker with local access to escalate privileges by injecting and executing arbitrary code.'}] [1]

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability can allow a local attacker to execute arbitrary code with elevated privileges on the affected system. By exploiting the unquoted service path, the attacker can inject malicious executables that run with the service's privileges, potentially leading to full system compromise."}, {'type': 'paragraph', 'content': 'The impact includes unauthorized code execution, privilege escalation, and potential control over the system, which can be used to install malware, steal data, or disrupt system operations.'}] [1]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by checking the service path of the 'RtkI2SCodec' service for unquoted spaces. Since the service executable path contains spaces and is unquoted, it is vulnerable to code injection."}, {'type': 'paragraph', 'content': 'On a Windows system, you can use the following command to check the service path:'}, {'type': 'list_item', 'content': 'sc qc RtkI2SCodec'}, {'type': 'paragraph', 'content': 'If the path shown in the output contains spaces and is not enclosed in quotes, the service is vulnerable to this unquoted service path issue.'}] [1]

Mitigation Strategies

To mitigate this vulnerability, immediately update the service path to include quotes around the executable path to prevent execution of malicious files placed in the path.

Alternatively, restrict local user permissions to prevent unauthorized users from placing executables in directories that are part of the service path.

If possible, update or patch the Realtek IIS Codec Service to a version where this vulnerability is fixed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25345. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart