VYPR

CWE-428

Unquoted Search Path or Element

Base | Draft

Description

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

If a malicious individual has access to the file system, it is possible to elevate privileges by inserting a file such as "C:\Program.exe" to be run by a privileged program making use of WinExec.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (233)

  • CVE-2013-1609 | High | Mar 26, 2013
    risk 0.51 | cvss 7.8 | epss 0.00

    Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec Enterprise Vault (EV) for File System Archiving before 9.0.4 and 10.x before 10.0.1 allow local users to gain privileges via a Trojan horse program.

  • CVE-2025-14018 | High | Dec 22, 2025
    risk 0.50 | cvss 7.3 | epss 0.00

    Unquoted Search Path or Element vulnerability in NetBT Consulting Services Inc. E-Fatura allows Leveraging/Manipulating Configuration File Search Paths, Redirect Access to Libraries. This issue affects e-Fatura: before 1.2.15.

  • CVE-2017-9644 | High | Aug 25, 2017
    risk 0.49 | cvss 7.0 | epss 0.01

    An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL,…

  • CVE-2025-66264 | High | Nov 26, 2025
    risk 0.47 | cvss (not listed) | epss 0.00

    The CMService.exe service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker with write privileges to the filesystem to insert a malicious executable in the path, leading to privilege escalation.

  • CVE-2025-5191 | High | Aug 25, 2025
    risk 0.47 | cvss (not listed) | epss 0.00

    An Unquoted Search Path vulnerability has been identified in the utility for Moxa’s industrial computers (Windows). Due to the unquoted path configuration in the SerialInterfaceService.exe utility, a local attacker with limited privileges could place a malicious executable in…

  • CVE-2025-0035 | High | May 13, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    Unquoted search path within AMD Cloud Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution.

  • CVE-2024-36321 | High | May 13, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    Unquoted search path within AIM-T Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution.

  • CVE-2025-0884 | High | Mar 12, 2025
    risk 0.47 | cvss (not listed) | epss 0.00

    Unquoted Search Path or Element vulnerability in OpenText™ Service Manager. The vulnerability could allow a user to gain SYSTEM privileges through Privilege Escalation. This issue affects Service Manager: 9.70, 9.71, 9.72.

  • CVE-2024-57276 | High | Jan 27, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service contains an unquoted service path vulnerability. This service is configured with insecure permissions, allowing users to modify the executable file path used by the service. The service runs with NT…

  • CVE-2024-31804 | Medium | Apr 23, 2024
    risk 0.47 | cvss 6.7 | epss 0.01

    An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local attacker to escalate privileges via the Program.exe component.

  • CVE-2024-22437 | High | Apr 15, 2024
    risk 0.47 | cvss 7.3 | epss 0.00

    A potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system.

  • CVE-2026-2542 | High | Feb 16, 2026
    risk 0.46 | cvss 7.0 | epss 0.00

    A weakness has been identified in Total VPN 0.5.29.0 on Windows. Affected by this vulnerability is an unknown functionality of the file C:\Program Files\Total VPN\win-service.exe. Executing a manipulation can lead to unquoted search path. It is possible to launch the attack on…

  • CVE-2025-66269 | High | Nov 26, 2025
    risk 0.46 | cvss (not listed) | epss 0.00

    The RupsMon and USBMate services in UPSilon 2000 run with SYSTEM privileges and contain unquoted service paths. This allows a local attacker to perform path interception and escalate privileges if they have write permissions to the directories proceeding that of which the real…

  • CVE-2025-13433 | High | Nov 20, 2025
    risk 0.46 | cvss 7.0 | epss 0.00

    A security flaw has been discovered in Muse Group MuseHub 2.1.0.1567. The affected element is an unknown function of the file C:\Program Files\WindowsApps\Muse.MuseHub_2.1.0.1567_x64__rb9pth70m6nz6\Muse.Updater.exe of the component Windows Service. The manipulation results in…

  • CVE-2025-12286 | High | Oct 27, 2025
    risk 0.46 | cvss 7.0 | epss 0.00

    A weakness has been identified in VeePN up to 1.6.2. This affects an unknown function of the file C:\Program Files (x86)\VeePN\avservice\avservice.exe of the component AVService. This manipulation causes unquoted search path. The attack requires local access. A high degree of…

  • CVE-2025-12247 | High | Oct 27, 2025
    risk 0.46 | cvss 7.0 | epss 0.00

    A weakness has been identified in Hasleo Backup Suite up to 5.2. Impacted is an unknown function of the component HasleoImageMountService/HasleoBackupSuiteService. This manipulation causes unquoted search path. The attack is restricted to local execution. The attack's complexity…

  • CVE-2024-3640 | High | May 16, 2024
    risk 0.46 | cvss (not listed) | epss 0.00

    An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter…

  • CVE-2020-28209 | High | Nov 19, 2020
    risk 0.46 | cvss 7.0 | epss 0.00

    A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any local Windows user who has write permission on at least one of the subfolders…

  • CVE-2025-34499 | Medium | Dec 11, 2025
    risk 0.45 | cvss (not listed) | epss 0.00

    AnyDesk 7.0.15 and 9.0.1 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be…

  • CVE-2026-7280 | Medium | Apr 28, 2026
    risk 0.44 | cvss 6.7 | epss 0.00

    AVACAST developed by eMPIA Technology has an Unquoted Service Path vulnerability, allowing privileged local attackers to place a malicious executable file in a specific directory, resulting in arbitrary code execution with system privileges when the AVACAST service starts.