CVE-2019-25266
Published: 06 February 2026
Summary
CVE-2019-25266 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Wondershare Application Framework (inferred from references). Its CVSS base score is 7.8 (High).
Operationally, ranked at the 4.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
CM-6 enforces secure configuration settings for system components, including properly quoting Windows service executable paths to directly prevent hijacking via unquoted path vulnerabilities like CVE-2019-25266.
SI-2 requires identification, reporting, and correction of system flaws, such as unquoted service paths in third-party software, ensuring timely remediation of CVE-2019-25266.
CM-2 establishes and maintains baseline configurations that incorporate secure service path settings, mitigating the risk of unquoted path exploits like CVE-2019-25266 from deployment.
NVD Description
Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific directory locations to hijack…
more
the service's execution context.
Deeper analysisAI
CVE-2019-25266 is an unquoted service path vulnerability affecting Wondershare Application Framework Service version 2.4.3.231. This flaw occurs when the service binary path in the Windows registry lacks proper quotation, enabling local attackers to hijack the service execution by placing malicious executables in specific directory locations along the path resolution.
Local low-privileged attackers can exploit this vulnerability with low complexity and no user interaction required, as indicated by its CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Successful exploitation allows attackers to execute arbitrary code with the elevated privileges of the service, potentially leading to full system compromise.
Advisories from VulnCheck and an Exploit-DB entry (exploit 47617) document the issue, including proof-of-concept details. Wondershare's official sites provide context on the affected software, such as Dr.Fone, though specific patch or mitigation guidance is referenced in these resources for practitioners to review.
Details
- CWE(s)