{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-66575","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2025-12-04T16:25:29.546Z","datePublished":"2025-12-04T20:46:08.742Z","dateUpdated":"2025-12-05T17:44:47.464Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"VeeVPN","vendor":"VeePN","versions":[{"status":"affected","version":"1.6.1"}]}],"credits":[{"lang":"en","type":"finder","value":"Doöukan Orhan, Örhan.dogukan@gmail.com"}],"datePublic":"2024-12-27T00:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSystem.</p>"}],"value":"VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSystem."}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":8.5,"baseSeverity":"HIGH","exploitMaturity":"PROOF_OF_CONCEPT","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","userInteraction":"PASSIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-428","description":"CWE-428 Unquoted Search Path or Element","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2025-12-04T20:46:08.742Z"},"references":[{"name":"ExploitDB-52088","tags":["exploit"],"url":"https://www.exploit-db.com/exploits/52088"},{"name":"VeePN Homepage","tags":["product"],"url":"https://veepn.com/"},{"name":"VeePN GitHub Repository","tags":["product"],"url":"https://github.com/veepn/veepn"},{"tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/veevpn-161-unquoted-service-path-remote-code-execution"}],"source":{"discovery":"UNKNOWN"},"title":"VeeVPN 1.6.1 - Unquoted Service Path Remote Code Execution","x_generator":{"engine":"vulncheck"}},"adp":[{"references":[{"url":"https://www.exploit-db.com/exploits/52088","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-05T17:44:42.490560Z","id":"CVE-2025-66575","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-05T17:44:47.464Z"}}]}}