CVE-2019-25344

HIGH

Wondershare MobileGo 8.5.0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25344. PoCs published by ZwX.

AI-analyzed exploit summary This exploit leverages insecure file permissions in Wondershare MobileGo 8.5.0, allowing an attacker to replace the executable with a malicious version to escalate privileges. The PoC demonstrates how to compile and replace the executable to execute arbitrary commands with higher privileges.

Description

Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators group with full system access.

Exploits (1)

exploitdb WORKING POC

by ZwX · textlocalwindows

https://www.exploit-db.com/exploits/47667

View Code ZIP pw:eip

This exploit leverages insecure file permissions in Wondershare MobileGo 8.5.0, allowing an attacker to replace the executable with a malicious version to escalate privileges. The PoC demonstrates how to compile and replace the executable to execute arbitrary commands with higher privileges.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Wondershare MobileGo 8.5.0

No auth needed

Prerequisites: Access to the system where MobileGo is installed · Ability to replace the executable in the installation directory

MITRE ATT&CK

T1548.002 - Bypass User Account Control T1037.001 - Logon Script (Windows)

devstral-2 · analyzed Feb 17, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/47667

Various Sources product

https://www.wondershare.net/

Various Sources product

https://www.wondershare.net/mobilego/

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/mobilego-insecure-file-permissions

Scores

CVSS v3 7.8

EPSS 0.0016

EPSS Percentile 5.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-732

Status published

Products (1)

wondershare/mobilego 8.5.0

Published Feb 12, 2026

Tracked Since Feb 18, 2026