Search criteria
1 vulnerability by veepn
CVE-2025-66575 (GCVE-0-2025-66575)
Vulnerability from cvelistv5 – Published: 2025-12-04 20:46 – Updated: 2025-12-05 17:44
VLAI
Title
VeeVPN 1.6.1 - Unquoted Service Path Remote Code Execution
Summary
VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSystem.
Severity
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/52088 | exploit |
| https://veepn.com/ | product |
| https://github.com/veepn/veepn | product |
| https://www.vulncheck.com/advisories/veevpn-161-u… | third-party-advisory |
Date Public
2024-12-27 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66575",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T17:44:42.490560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T17:44:47.464Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/52088"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VeeVPN",
"vendor": "VeePN",
"versions": [
{
"status": "affected",
"version": "1.6.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Do\u00f6ukan Orhan, \u00d6rhan.dogukan@gmail.com"
}
],
"datePublic": "2024-12-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eVeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSystem.\u003c/p\u003e"
}
],
"value": "VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSystem."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T20:46:08.742Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-52088",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/52088"
},
{
"name": "VeePN Homepage",
"tags": [
"product"
],
"url": "https://veepn.com/"
},
{
"name": "VeePN GitHub Repository",
"tags": [
"product"
],
"url": "https://github.com/veepn/veepn"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/veevpn-161-unquoted-service-path-remote-code-execution"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "VeeVPN 1.6.1 - Unquoted Service Path Remote Code Execution",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-66575",
"datePublished": "2025-12-04T20:46:08.742Z",
"dateReserved": "2025-12-04T16:25:29.546Z",
"dateUpdated": "2025-12-05T17:44:47.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}