CVE-2019-25273

HIGH

Easy-Hide-IP 5.0.0.3 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25273. PoCs published by Rene Cortes S.

AI-analyzed exploit summary This is a writeup detailing an unquoted service path vulnerability in Easy-Hide-IP 5.0.0.3. The vulnerability allows local privilege escalation due to the service path containing spaces and not being enclosed in quotes.

Description

Easy-Hide-IP 5.0.0.3 contains an unquoted service path vulnerability in the EasyRedirect service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe' to inject malicious executables and escalate privileges.

Exploits (1)

exploitdb WRITEUP
by Rene Cortes S · textlocalwindows
https://www.exploit-db.com/exploits/47712

This is a writeup detailing an unquoted service path vulnerability in Easy-Hide-IP 5.0.0.3. The vulnerability allows local privilege escalation due to the service path containing spaces and not being enclosed in quotes.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Easy-Hide-IP 5.0.0.3
Auth required
Prerequisites: Local access to the system · Service with unquoted path containing spaces
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/47712
Various Sources product
https://easy-hide-ip.com

Scores

CVSS v3 7.8
EPSS 0.0015
EPSS Percentile 4.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-428
Status published
Products (1)
Easy-Hide-Ip/IP 5.0.0.3
Published Feb 05, 2026
Tracked Since Feb 18, 2026