Unrated severityNVD Advisory· Published Dec 4, 2025· Updated Dec 5, 2025

VeeVPN 1.6.1 - Unquoted Service Path Remote Code Execution

CVE-2025-66575

Description

VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSystem.

Affected products

VeeVPN/VeePNServicellm-create
Range: = 1.6.1
VeePN/VeeVPNv5
Range: 1.6.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/52088mitreexploit
www.vulncheck.com/advisories/veevpn-161-unquoted-service-path-remote-code-executionmitrethird-party-advisory
veepn.commitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000