CVE-2019-25271

HIGH
2026-02-05 [email protected]
7.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
PoC Detected
Feb 05, 2026 - 14:57 vuln.today
Public exploit code
CVE Published
Feb 05, 2026 - 00:15 nvd
HIGH 7.8

Tags

Windows

Description

NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations.

Analysis

NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations. [CVSS 7.8 HIGH]

Technical Context

NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations.

Affected Products

Component: its NGDatBckpSrv Windows.

Remediation

Monitor vendor advisories for a patch.

Priority Score

59
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +39
POC: +20

Share

CVE-2019-25271 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy