216.73.217.86

CVE-2025-66575

· Published 04/12/2025 21:16 · Modified 17/12/2025 16:31

Labels: CVE-2025-66575 2025-12-04CVE-2025-66575CWE-428[email protected]

Essential information

Published
04/12/2025 21:16
Modified
17/12/2025 16:31
Author
Creator
CVSS
8.5 HIGH (v3) 8.5 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSystem.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
veevpn / veevpn cpe:2.3:a:veevpn:veevpn:1.6.1:*:*:*:*:*:*:*

References