CVE-2019-25269

HIGH

Amiti Antivirus <25.0.640 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25269. PoCs published by ZwX.

AI-analyzed exploit summary This is a writeup demonstrating an unquoted service path vulnerability in Amiti Antivirus 25.0.640. The output shows service configurations with unquoted paths, which could allow local privilege escalation if an attacker can place an executable in a higher-level directory.

Description

Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory locations.

Exploits (1)

exploitdb WRITEUP
by ZwX · textlocalwindows
https://www.exploit-db.com/exploits/47747

This is a writeup demonstrating an unquoted service path vulnerability in Amiti Antivirus 25.0.640. The output shows service configurations with unquoted paths, which could allow local privilege escalation if an attacker can place an executable in a higher-level directory.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Theoretical
Target: Amiti Antivirus 25.0.640
Auth required
Prerequisites: Local access to the system · Ability to write to a directory in the unquoted path
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/47747
Various Sources product
http://www.netgate.sk/

Scores

CVSS v3 7.8
EPSS 0.0033
EPSS Percentile 24.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-428
Status published
Products (1)
Netgate/Amiti Antivirus 25.0.640
Published Feb 05, 2026
Tracked Since Feb 18, 2026