Home

Description

Cobian Backup Gravity 11.2.0.582 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the CobianBackup11 service to inject malicious code that would execute with LocalSystem privileges during service startup.

PUBLISHED Reserved 2025-12-21 | Published 2025-12-22 | Updated 2025-12-22 | Assigner VulnCheck




HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
HIGH: 8.4CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Unquoted Search Path or Element

Product status

11.2.0.582
affected

Credits

Luis Martinez finder

References

www.exploit-db.com/exploits/50791 (ExploitDB-50791) exploit

www.cobiansoft.com/ (Cobian Backup Official Vendor Homepage) product

www.vulncheck.com/...uoted-service-path-privilege-escalation (VulnCheck Advisory: Cobian Backup Gravity 11.2.0.582 Unquoted Service Path Privilege Escalation) third-party-advisory

cve.org (CVE-2022-50688)

nvd.nist.gov (CVE-2022-50688)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.