How to fix CVE-2019-25272?

Within 24 hours: Inventory all systems running CCSrvProxy service and isolate affected assets from production networks where feasible; enable enhanced monitoring and logging for CCSrvProxy processes. Within 7 days: Implement network segmentation to restrict access to CCSrvProxy to only required internal users; deploy compensating controls listed below; conduct vulnerability scanning to identify all affected instances. Within 30 days: Contact vendor for patch availability; evaluate alternative solutions or decommissioning of CCSrvProxy if patch timeline is unacceptable; complete risk assessment for any exposed systems.

CVE-2019-25272

HIGH

2026-02-05 [email protected]

7.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 05, 2026 - 14:57 vuln.today

Public exploit code

CVE Published

Feb 05, 2026 - 00:15 nvd

HIGH 7.8

Description

TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy service that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\TenaxSoft\CyberPlanet\SrvProxy.exe' to inject malicious executables and gain elevated system privileges.

Analysis

CCSrvProxy service contains a vulnerability that allows attackers to execute arbitrary code (CVSS 7.8).

Technical Context

exists in the CCSrvProxy component. TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy service that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\TenaxSoft\CyberPlanet\SrvProxy.exe' to inject malicious executables and gain elevated system privileges.

Affected Products

Product: CCSrvProxy service. Component: CCSrvProxy.

Remediation

Monitor vendor advisories for a patch.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +39

POC: +20

CVE-2019-25272 vulnerability details – vuln.today

Back

CVE-2019-25272

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2019-25272

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code