CVE-2019-25345

HIGH EPSS 2.7%

Published Feb 12, 20264mo ago · Modified Apr 15, 20262mo ago

8.5 CVSS 4.0

High

Published Feb 12, 2026 4mo ago

Last Modified Apr 15, 2026 2mo ago

Description

Realtek IIS Codec Service 6.4.10041.133 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service configuration to inject malicious executables and escalate privileges on the system.

CVSS Details

Base Score

8.5

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

2.7% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-428

References 3

exploit-db.com https://www.exploit-db.com/exploits/47642
realtek.com https://www.realtek.com/en/
vulncheck.com https://www.vulncheck.com/advisories/rtk-iis-codec-service-rtkiscodec-unquote-service-path

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.