Cyber Resilience

CVE-2019-25344

HighPublic PoCLPE

Published: 12 February 2026

Published
12 February 2026
Modified
26 February 2026
KEV Added
Patch
CVSS Score v4 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0016 5.7th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2019-25344 is a high-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in Wondershare Mobilego. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Services File Permissions Weakness (T1574.010); ranked at the 5.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2019-25344 is an insecure file permissions vulnerability (CWE-732) in Wondershare MobileGo version 8.5.0. The flaw enables local users to modify executable files in the application's installation directory due to inadequate permissions on these files.

A local attacker with low privileges can exploit this vulnerability by replacing the legitimate MobileGo.exe with a malicious executable. When the application is launched by an administrator or under elevated context, the substituted binary executes with sufficient rights to create a new user account and add it to the Administrators group, achieving full system access. The issue carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting high impacts on confidentiality, integrity, and availability.

Advisories and resources, including a proof-of-concept exploit at https://www.exploit-db.com/exploits/47667 and a VulnCheck advisory at https://www.vulncheck.com/advisories/mobilego-insecure-file-permissions, detail the vulnerability. Vendor pages at https://www.wondershare.net/ and https://www.wondershare.net/mobilego/ provide additional context on the software.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it…

more

to the Administrators group with full system access.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1574.010 Services File Permissions Weakness Stealth
Adversaries may execute their own malicious payloads by hijacking the binaries used by services.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Insecure executable permissions (CWE-732) directly enable binary replacement for local privilege escalation to SYSTEM/admin.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2019-25343Shared CWE-732
CVE-2026-22676Shared CWE-732
CVE-2026-26101Shared CWE-732
CVE-2022-50900Same vendor: Wondershare
CVE-2022-50903Same vendor: Wondershare
CVE-2020-23438Same vendor: Wondershare
CVE-2025-22454Shared CWE-732
CVE-2026-23648Shared CWE-732
CVE-2025-27688Shared CWE-732
CVE-2025-33088Shared CWE-732

Affected Assets

wondershare
mobilego
8.5.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires processes to protect application executables like MobileGo.exe from unauthorized modification by local users.

prevent

Mandates restrictive configuration settings on application directories and files to prevent low-privileged local users from modifying executables.

prevent

Enforces least privilege to ensure low-privileged local users lack write access to the application's installation directory and executables.

References