{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-66575", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-12-04T16:25:29.546Z", "datePublished": "2025-12-04T20:46:08.742Z", "dateUpdated": "2025-12-05T17:44:47.464Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "VeeVPN", "vendor": "VeePN", "versions": [{"status": "affected", "version": "1.6.1"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Do\u00f6ukan Orhan, \u00d6rhan.dogukan@gmail.com"}], "datePublic": "2024-12-27T00:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSystem.</p>"}], "value": "VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSystem."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.5, "baseSeverity": "HIGH", "exploitMaturity": "PROOF_OF_CONCEPT", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-428", "description": "CWE-428 Unquoted Search Path or Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-12-04T20:46:08.742Z"}, "references": [{"name": "ExploitDB-52088", "tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/52088"}, {"name": "VeePN Homepage", "tags": ["product"], "url": "https://veepn.com/"}, {"name": "VeePN GitHub Repository", "tags": ["product"], "url": "https://github.com/veepn/veepn"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/veevpn-161-unquoted-service-path-remote-code-execution"}], "source": {"discovery": "UNKNOWN"}, "title": "VeeVPN 1.6.1 - Unquoted Service Path Remote Code Execution", "x_generator": {"engine": "vulncheck"}}, "adp": [{"references": [{"url": "https://www.exploit-db.com/exploits/52088", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-05T17:44:42.490560Z", "id": "CVE-2025-66575", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-05T17:44:47.464Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-66575", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-05T17:44:42.490560Z"}}}], "references": [{"url": "https://www.exploit-db.com/exploits/52088", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-05T17:44:35.299Z"}}], "cna": {"title": "VeeVPN 1.6.1 - Unquoted Service Path Remote Code Execution", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Do\u00f6ukan Orhan, \u00d6rhan.dogukan@gmail.com"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "VeePN", "product": "VeeVPN", "versions": [{"status": "affected", "version": "1.6.1"}], "defaultStatus": "unaffected"}], "datePublic": "2024-12-27T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/52088", "name": "ExploitDB-52088", "tags": ["exploit"]}, {"url": "https://veepn.com/", "name": "VeePN Homepage", "tags": ["product"]}, {"url": "https://github.com/veepn/veepn", "name": "VeePN GitHub Repository", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/veevpn-161-unquoted-service-path-remote-code-execution", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSystem.", "supportingMedia": [{"type": "text/html", "value": "<p>VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSystem.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-428", "description": "CWE-428 Unquoted Search Path or Element"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-12-04T20:46:08.742Z"}}}, "cveMetadata": {"cveId": "CVE-2025-66575", "state": "PUBLISHED", "dateUpdated": "2025-12-05T17:44:47.464Z", "dateReserved": "2025-12-04T16:25:29.546Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2025-12-04T20:46:08.742Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:veevpn:veevpn:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "6D224D5B-0B3A-44DC-956E-D65685114EC6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSystem."}], "id": "CVE-2025-66575", "lastModified": "2025-12-17T16:31:23.250", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-12-04T21:16:10.413", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Broken Link"], "url": "https://github.com/veepn/veepn"}, {"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://veepn.com/"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit"], "url": "https://www.exploit-db.com/exploits/52088"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.vulncheck.com/advisories/veevpn-161-unquoted-service-path-remote-code-execution"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit"], "url": "https://www.exploit-db.com/exploits/52088"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-428"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"created": "2025-12-05T10:52:05.254816+00:00", "updated": "2025-12-05T10:52:05.254865+00:00", "vendors": ["veepn", "veepn$PRODUCT$veepn"]}