CVE-2018-25359
Deferred Deferred - Pending Action
Insecure File Permissions in Splinterware System Scheduler Pro Allow Privilege Escalation

Publication date: 2026-05-25

Last updated on: 2026-05-25

Assigner: VulnCheck

Description
Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious executable that executes with LocalSystem privileges when the service is triggered.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-25
Last Modified
2026-05-25
Generated
2026-06-15
AI Q&A
2026-05-26
EPSS Evaluated
2026-06-14
NVD
CVE-2018-25359
EUVD
EUVD-2018-21881
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
splinterware system_scheduler_pro 5.12
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-276 During installation, installed file permissions are set to allow anyone to modify those files.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Splinterware System Scheduler Pro 5.12 and involves insecure file permissions. It allows users with low privileges to escalate their privileges by modifying service executable files. Specifically, an attacker can rename the legitimate WService.exe file in the installation directory and replace it with a malicious executable. When the service is triggered, this malicious executable runs with LocalSystem privileges, giving the attacker high-level control over the system.

Impact Analysis

The impact of this vulnerability is significant because it allows an attacker with limited access to gain full system privileges. By replacing the service executable with a malicious one, the attacker can execute arbitrary code with LocalSystem rights, potentially leading to complete system compromise, unauthorized data access, or disruption of system operations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25359. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart