What is the CVSS score of CVE-2019-25345?

CVE-2019-25345 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of IIS are affected by CVE-2019-25345?

Realtek IIS Codec Service versions 6.4.10041.133 and earlier contain a privilege escalation vulnerability that allows local attackers to execute arbitrary code on affected systems.

Is there a public PoC exploit available for CVE-2019-25345?

Yes, a public proof-of-concept exploit is available for CVE-2019-25345. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2019-25345?

Within 24 hours: Inventory all systems running Realtek IIS Codec Service 6.4.10041.133; disable or uninstall the service if not operationally required. Within 7 days: Implement compensating controls including file system permissions hardening, restrict local administrator access, and monitor service execution logs for suspicious activity. Within 30 days: Contact Realtek for patch availability; evaluate alternative codec solutions or plan for service migration if patches remain unavailable.

IIS CVE-2019-25345

HIGH

Unquoted Search Path or Element (CWE-428)

2026-02-12 disclosure@vulncheck.com

IIS

7.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.8 HIGH

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

PoC Detected

Feb 13, 2026 - 14:23 vuln.today

Public exploit code

CVE Published

Feb 12, 2026 - 20:16 nvd

HIGH 7.8

DescriptionCVE.org

Realtek IIS Codec Service 6.4.10041.133 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service configuration to inject malicious executables and escalate privileges on the system.

AnalysisAI

Technical ContextAI

exists in the the component. Realtek IIS Codec Service 6.4.10041.133 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service configuration to inject malicious executables and escalate privileges on the system.

Affected ProductsAI

Component: the.

RemediationAI

Monitor vendor advisories for a patch.

CVE-2019-25345 vulnerability details – vuln.today

Back

IIS CVE-2019-25345

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code