CVE-2019-25271

HIGH

NETGATE Data Backup 3.0.620 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25271. PoCs published by ZwX.

AI-analyzed exploit summary This exploit demonstrates an unquoted service path vulnerability in NETGATE Data Backup 3.0.620, where the service 'NGDatBckpSrv' has a binary path containing spaces but lacks quotes, allowing potential privilege escalation via path manipulation.

Description

NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations.

Exploits (1)

exploitdb WORKING POC
by ZwX · textlocalwindows
https://www.exploit-db.com/exploits/47746

This exploit demonstrates an unquoted service path vulnerability in NETGATE Data Backup 3.0.620, where the service 'NGDatBckpSrv' has a binary path containing spaces but lacks quotes, allowing potential privilege escalation via path manipulation.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: NETGATE Data Backup 3.0.620
Auth required
Prerequisites: Local access to the system · Ability to create executable files in the vulnerable path
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/47746
Various Sources product
http://www.netgate.sk/

Scores

CVSS v3 7.8
EPSS 0.0033
EPSS Percentile 24.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-428
Status published
Products (1)
NETGATE/Data Backup 3.0.620
Published Feb 05, 2026
Tracked Since Feb 18, 2026