CVE-2020-37055
Published: 01 February 2026
Summary
CVE-2020-37055 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Enigmasoftware (inferred from references). Its CVSS base score is 8.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by Unquoted Path (T1574.009); ranked at the 4.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).
Deeper analysis
SpyHunter 4 is affected by CVE-2020-37055, an unquoted service path vulnerability classified under CWE-428. This flaw enables local users to potentially execute arbitrary code with elevated system privileges by placing malicious executables in specific file system locations that are exploited during service startup. The vulnerability received a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-02-01.
Local low-privileged users can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation allows attackers to gain elevated access, achieving high impacts on confidentiality, integrity, and availability through arbitrary code execution during the service startup process.
Advisories and related resources, including those from Enigma Software at https://www.enigmasoftware.com, a proof-of-concept exploit at https://www.exploit-db.com/exploits/48172, and a VulnCheck advisory at https://www.vulncheck.com/advisories/spyhunter-spyhunter-service-unquoted-service-path, provide further details on the issue.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-30969
Vulnerability details
SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations to gain elevated…
more
access during service startup.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unquoted service path (CWE-428) directly enables path interception during Windows service startup by allowing a malicious executable to be placed in an intermediate directory of the unquoted path and executed with SYSTEM privileges.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Mandates secure configuration settings for services, including properly quoted paths and restricted directory permissions, directly preventing exploitation of unquoted service path vulnerabilities.
Requires timely identification, reporting, and correction of flaws such as unquoted service paths through patching or reconfiguration.
Enforces least privilege for service accounts, limiting the impact of arbitrary code execution by reducing the elevated privileges gained via exploitation.