Cyber Resilience

CVE-2019-25307

High · Public PoC

Published: 11 February 2026
Modified: 15 April 2026
CVSS Score v4: 8.5 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0015 (4.5th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2019-25307 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Tucows (inferred from references). Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by Unquoted Path (T1574.009). The CVE ranks at the 4.5th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2019-25307 is an unquoted service path vulnerability affecting WorkgroupMail 7.5.1, specifically in its Windows service configuration. This flaw, classified under CWE-428, arises from the service binary path not being properly quoted, enabling local privilege escalation. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability with low complexity and local access requirements.

Local attackers with low privileges can exploit this vulnerability by placing a malicious executable in a directory that precedes the legitimate service binary in the system's PATH search order. During service startup, the malicious executable runs with LocalSystem privileges, potentially allowing arbitrary code execution, full system compromise, and persistence on the affected Windows host.

Advisories and resources, including those from VulnCheck and an Exploit-DB entry (47523), document the issue and provide proof-of-concept exploitation details. No specific patches or mitigations are detailed in the available references, but practitioners should verify service path configurations in WorkgroupMail installations and apply general unquoted path hardening, such as quoting paths or restricting service directories.
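The service path check recommended above can be scripted. The following is an added example, not code from the advisory or the vendor: when an ImagePath is unquoted and contains spaces, Windows tries each space-delimited prefix as an executable before reaching the real binary, so the audit reports the directories whose write permissions need review and the quoted form of the path. The service names and paths are constructed sample data, and the parser assumes the service binary ends in `.exe`.

```python
import ntpath
import re

# Constructed sample ImagePath values; not taken from a real host or from the advisory.
SAMPLE_SERVICES = {
    "ExampleMailSvc": r"C:\Program Files (x86)\Example Mail\mail svc.exe -service",
    "QuotedSvc": r'"C:\Program Files\Vendor App\svc.exe" --run',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "DriverSvc": r"\SystemRoot\System32\drivers\example.sys",
}

_EXE_END = re.compile(r"\.exe\b", re.IGNORECASE)


def executable_part(image_path):
    """Return the text up to and including the first '.exe', or None (e.g. drivers)."""
    match = _EXE_END.search(image_path)
    return image_path[: match.end()] if match else None


def audit_image_path(image_path):
    """Return directories whose write ACLs need review; [] means not affected."""
    path = image_path.strip()
    exe = executable_part(path)
    if path.startswith('"') or exe is None or " " not in exe:
        return []
    dirs = []
    # Every space inside the executable portion is a point where Windows can
    # stop parsing and try to run "<prefix>.exe" from the prefix's parent folder.
    for index, char in enumerate(exe):
        if char == " ":
            parent = ntpath.dirname(exe[:index])
            if parent not in dirs:
                dirs.append(parent)
    return dirs


def quoted_form(image_path):
    """Return the hardened ImagePath: executable quoted, arguments unchanged."""
    path = image_path.strip()
    exe = executable_part(path)
    if path.startswith('"') or exe is None or " " not in exe:
        return path
    return f'"{exe}"{path[len(exe):]}'


if __name__ == "__main__":
    for name, image_path in SAMPLE_SERVICES.items():
        print(name, audit_image_path(image_path), quoted_form(image_path))
```

On a live host the input would be each service's ImagePath value from `HKLM\SYSTEM\CurrentControlSet\Services`; a non-empty result means the path should be quoted and the listed directories confirmed as not writable by unprivileged users.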

A public exploit is available on Exploit-DB, indicating proof-of-concept exploitation capability, though no widespread real-world attacks have been reported in the provided data.

Vulnerability details

WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1574.009 Path Interception by Unquoted Path (Stealth)
Adversaries may execute their own malicious payloads by hijacking vulnerable file path references.

T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Direct unquoted service path flaw (CWE-428) enables Path Interception by Unquoted Path (T1574.009) for local privilege escalation (T1068) via malicious executable placement in PATH.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2022-50914 (Shared CWE-428)
CVE-2020-36982 (Shared CWE-428)
CVE-2020-36987 (Shared CWE-428)
CVE-2021-47825 (Shared CWE-428)
CVE-2020-37059 (Shared CWE-428)
CVE-2020-36953 (Shared CWE-428)
CVE-2022-50935 (Shared CWE-428)
CVE-2021-47864 (Shared CWE-428)
CVE-2020-37060 (Shared CWE-428)
CVE-2019-25308 (Shared CWE-428)

Affected Assets

Tucows
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls (NIST 800-53 r5)

prevent

Establishes and enforces configuration settings that require proper quoting of Windows service binary paths to prevent exploitation of unquoted paths.

prevent

Requires identification, reporting, and correction of flaws like CVE-2019-25307, including fixing the unquoted service path configuration.

detect

Vulnerability scanning detects unquoted service path vulnerabilities like CVE-2019-25307 in system configurations.
