CVE-2018-25359

HIGH

Splinterware System Scheduler Pro 5.12 Privilege Escalation

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25359. PoCs published by bzyo.

AI-analyzed exploit summary This exploit demonstrates a privilege escalation vulnerability in Splinterware System Scheduler Pro 5.12 due to insecure file permissions. A low-privilege user can replace the WService.exe file with a malicious executable, which is then executed by the service running as Local System.

Description

Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious executable that executes with LocalSystem privileges when the service is triggered.

Exploits (1)

exploitdb WORKING POC VERIFIED

by bzyo · textlocalwindows

https://www.exploit-db.com/exploits/45072

View Code ZIP pw:eip

This exploit demonstrates a privilege escalation vulnerability in Splinterware System Scheduler Pro 5.12 due to insecure file permissions. A low-privilege user can replace the WService.exe file with a malicious executable, which is then executed by the service running as Local System.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Splinterware System Scheduler Pro 5.12

Auth required

Prerequisites: System Scheduler service installed · Low-privilege user access

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed May 25, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-45072

https://www.exploit-db.com/exploits/45072

Product product

Official Product Homepage

https://www.splinterware.com

Third Party Advisory third-party-advisory

VulnCheck Advisory: Splinterware System Scheduler Pro 5.12 Privilege Escalation

https://www.vulncheck.com/advisories/splinterware-system-scheduler-pro-privilege-escalation

Scores

CVSS v3 8.4

EPSS 0.0016

EPSS Percentile 5.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-276

Status published

Products (1)

Splinterware/Splinterware System Scheduler Pro 5.12

Published May 25, 2026

Tracked Since May 25, 2026