Home

Description

TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy service that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\TenaxSoft\CyberPlanet\SrvProxy.exe' to inject malicious executables and gain elevated system privileges.

PUBLISHED Reserved 2026-01-06 | Published 2026-02-04 | Updated 2026-02-06 | Assigner VulnCheck




HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Unquoted Search Path or Element

Product status

6.4.131
affected

Credits

Cristian Ayala G finder

References

www.exploit-db.com/exploits/47724 (ExploitDB-47724) exploit

tenaxsoft.com/index.html (Vendor Homepage) product

www.vulncheck.com/...planet-ccsrvproxy-unquoted-service-path (VulnCheck Advisory: TexasSoft CyberPlanet 6.4.131 - 'CCSrvProxy' Unquoted Service Path) third-party-advisory

cve.org (CVE-2019-25272)

nvd.nist.gov (CVE-2019-25272)

Download JSON