CVE-2019-25281

HIGH

NCP Secure Entry Client 9.2 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25281. PoCs published by Akif Mohamed Ik.

AI-analyzed exploit summary This is a technical writeup detailing an unquoted service path vulnerability in NCP Secure Entry Client 9.2x. The author demonstrates how the service paths are vulnerable to local privilege escalation due to improper handling of spaces in executable paths.

Description

NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code that would execute with LocalSystem privileges during service startup.

Exploits (1)

exploitdb WRITEUP
by Akif Mohamed Ik · textlocalwindows
https://www.exploit-db.com/exploits/47668

This is a technical writeup detailing an unquoted service path vulnerability in NCP Secure Entry Client 9.2x. The author demonstrates how the service paths are vulnerable to local privilege escalation due to improper handling of spaces in executable paths.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Theoretical
Target: NCP Secure Entry Client 9.2x
Auth required
Prerequisites: Local access to the system · Ability to write to the system root path
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/47668
Various Sources product
http://software.ncp-e.com/

Scores

CVSS v3 7.8
EPSS 0.0016
EPSS Percentile 5.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-428
Status published
Products (1)
ncp-e/NCP_Secure_Entry_Client 9.2x
Published Feb 05, 2026
Tracked Since Feb 18, 2026