CVE-2019-25309

HIGH

Zilab Remote Console Server 3.2.9 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25309. PoCs published by cakes.

AI-analyzed exploit summary This is a writeup describing an unquoted service path vulnerability in Zilab Remote Console Server 3.2.9. The exploit demonstrates how the service path lacks quotes, potentially allowing privilege escalation if an executable is placed in a path with spaces.

Description

Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be run with LocalSystem permissions.

Exploits (1)

exploitdb WRITEUP
by cakes · textlocalwindows
https://www.exploit-db.com/exploits/47506

This is a writeup describing an unquoted service path vulnerability in Zilab Remote Console Server 3.2.9. The exploit demonstrates how the service path lacks quotes, potentially allowing privilege escalation if an executable is placed in a path with spaces.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Theoretical
Target: Zilab Remote Console Server 3.2.9
Auth required
Prerequisites: Local access to the system · Ability to place an executable in a path with spaces
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.8
EPSS 0.0015
EPSS Percentile 4.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-428
Status published
Products (1)
Zilab Software Inc/Zilab Remote Console Server 3.2.9
Published Feb 11, 2026
Tracked Since Feb 18, 2026