CVE-2019-25345

State: PUBLISHED · Published: 2026-02-12 · Updated: 2026-02-12 · Assigner: VulnCheck

Description

Realtek IIS Codec Service 6.4.10041.133 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service configuration to inject malicious executables and escalate privileges on the system.

CWE

CWE-428 — Unquoted Search Path or Element

Affected

Realtek / RTK IIS Codec Service — v=6.4.10041.133 [affected]

CVSS

4.0 score=8.5 severity=HIGH CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3.1 score=7.8 severity=HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

https://www.exploit-db.com/exploits/47642 exploit
https://www.realtek.com/en/ product
https://www.vulncheck.com/advisories/rtk-iis-codec-service-rtkiscodec-unquote-service-path third-party-advisory

Source

cvelistV5-main/cves/2019/25xxx/CVE-2019-25345.json