CVE-2021-47845 | THREATINT

Description

Spy Emergency 25.0.650 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted file paths in SpyEmergencyHealth.exe and SpyEmergencySrv.exe to inject malicious code during system startup or service restart.

PUBLISHED Reserved 2026-01-14 | Published 2026-01-16 | Updated 2026-01-16 | Assigner VulnCheck

HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Unquoted Search Path or Element

Product status

25.0.650

affected

Credits

Erick Galindo finder

References

www.exploit-db.com/exploits/49997 exploit

www.exploit-db.com/exploits/49997 (ExploitDB-49997) exploit

www.spy-emergency.com/ (Vendor Homepage) product

www.vulncheck.com/...ies/spy-emergency-unquoted-service-path (VulnCheck Advisory: Spy Emergency 25.0.650 - Unquoted Service Path) third-party-advisory

cve.org (CVE-2021-47845)

nvd.nist.gov (CVE-2021-47845)

Download JSON