CVE-2019-25308

HIGH

Mikogo <5.2.2.150317 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25308. PoCs published by cakes.

AI-analyzed exploit summary This is a technical writeup demonstrating an unquoted service path vulnerability in Mikogo-Service, which could allow local privilege escalation due to improper handling of spaces in the service path. The output shows the service configuration, highlighting the vulnerable BINARY_PATH_NAME.

Description

Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations.

Exploits (1)

exploitdb WRITEUP
by cakes · textlocalwindows
https://www.exploit-db.com/exploits/47510

This is a technical writeup demonstrating an unquoted service path vulnerability in Mikogo-Service, which could allow local privilege escalation due to improper handling of spaces in the service path. The output shows the service configuration, highlighting the vulnerable BINARY_PATH_NAME.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Mikogo 5.2.2.150317
Auth required
Prerequisites: Local access to the system · Ability to write to a directory in the unquoted path
devstral-2 · analyzed Feb 17, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/47510

Scores

CVSS v3 7.8
EPSS 0.0022
EPSS Percentile 12.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-428
Status published
Products (1)
mikogo/mikogo 5.2.150317
Published Feb 11, 2026
Tracked Since Feb 18, 2026