High severity8.4NVD Advisory· Published Jan 8, 2026· Updated Apr 15, 2026

CVE-2019-25231

Description

devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. Attackers can exploit the insecure service path configuration by inserting malicious code in the system root path to execute with elevated privileges during application startup or system reboot.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cxsecurity.com/issue/WLB-2019020037nvd
exchange.xforce.ibmcloud.com/vulnerabilities/156594nvd
packetstormsecurity.com/files/151525nvd
www.devolo.globalnvd
www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5506.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.546
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000