Description

Genexus Protection Server 9.7.2.10 contains an unquoted service path vulnerability in the protsrvservice Windows service configuration. Attackers can exploit the unquoted binary path to execute arbitrary code with elevated LocalSystem privileges by placing malicious executables in specific file system locations.

PUBLISHED Reserved 2025-12-10 | Published 2025-12-11 | Updated 2025-12-18 | Assigner VulnCheck




HIGH: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

Problem types

CWE-428: Unquoted Search Path or Element

Product status

Default status: unaffected

9.7.2.10: affected

Credits

SamAlucard, Sam Alucard (finder)

References

www.exploit-db.com/exploits/52065 (ExploitDB-52065) exploit

www.genexus.com/es/ (Official Genexus Homepage) product

www.genexus.com/en/developers/downloadcenter?data=;; (Genexus Software Download Center) product

www.vulncheck.com/...uoted-service-path-privilege-escalation (VulnCheck Advisory: Genexus Protection Server 9.7.2.10 Unquoted Service Path Privilege Escalation) third-party-advisory

cve.org (CVE-2024-58288)

nvd.nist.gov (CVE-2024-58288)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.