CVE-2019-25231
Published: 08 January 2026
Summary
CVE-2019-25231 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Cxsecurity (inferred from references). Its CVSS base score is 8.4 (High).
Operationally, ranked at the 6.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces secure configuration settings for Windows services, including proper quoting of executable paths to directly prevent unquoted service path hijacking.
Prohibits user installation of unauthorized software, preventing local non-privileged users from placing malicious executables in system root directories like C:\.
Implements least privilege for services and processes, limiting the elevated privileges available to code hijacking the DevoloNetworkService.
NVD Description
devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. Attackers can exploit the insecure service path configuration by inserting malicious code in the system root path…
more
to execute with elevated privileges during application startup or system reboot.
Deeper analysisAI
CVE-2019-25231 is an unquoted service path vulnerability affecting devolo dLAN Cockpit version 4.3.1, specifically in the DevoloNetworkService Windows service. This flaw (CWE-428) arises from the service executable path not being properly quoted, enabling local attackers to hijack the service by placing a malicious executable in a directory earlier in the system PATH search order, such as the system root. The vulnerability has a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for complete system compromise.
Local non-privileged users can exploit this vulnerability without requiring administrative rights (PR:N). By placing a malicious executable named to match the service binary in the system root path (e.g., C:\), attackers can achieve arbitrary code execution with elevated privileges when the DevoloNetworkService starts during application launch or system reboot. This grants high confidentiality, integrity, and availability impacts, potentially allowing full control over the affected system.
Advisories and references for CVE-2019-25231 are available from CXSecurity (WLB-2019020037), IBM X-Force Exchange (vulnerability 156594), Packet Storm Security (file 151525), devolo's official website, and Zero Science (ZSL-2019-5506), which provide further technical details on the issue. No specific patch or mitigation guidance is detailed in the core vulnerability description.
Details
- CWE(s)