CVE-2019-25269 | THREATINT

Description

Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory locations.

PUBLISHED Reserved 2026-01-06 | Published 2026-02-04 | Updated 2026-02-06 | Assigner VulnCheck

HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Unquoted Search Path or Element

Product status

25.0.640

affected

Credits

ZwX finder

References

www.exploit-db.com/exploits/47747 (ExploitDB-47747) exploit

www.netgate.sk/ (Vendor Homepage) product

www.vulncheck.com/...rus-unquoted-service-path-vulnerability (VulnCheck Advisory: Amiti Antivirus 25.0.640 - Unquoted Service Path Vulnerability) third-party-advisory

cve.org (CVE-2019-25269)

nvd.nist.gov (CVE-2019-25269)

Download JSON