CVE-2019-25747

HIGH

Network Inventory Advisor 5.0.26.0 Unquoted Service Path Privilege Escalation

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25747. PoCs published by Samuel DiazL.

AI-analyzed exploit summary This is a technical writeup describing an unquoted service path vulnerability in Network Inventory Advisor 5.0.26.0. The service 'niaservice' is installed with an unquoted path, which could allow local privilege escalation if an attacker can place a malicious executable in a higher-level directory.

Description

Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate directories. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with LocalSystem privileges when the service starts or restarts.

Exploits (1)

exploitdb WRITEUP

by Samuel DiazL · textlocalwindows

https://www.exploit-db.com/exploits/47584

View Code ZIP pw:eip

This is a technical writeup describing an unquoted service path vulnerability in Network Inventory Advisor 5.0.26.0. The service 'niaservice' is installed with an unquoted path, which could allow local privilege escalation if an attacker can place a malicious executable in a higher-level directory.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Network Inventory Advisor 5.0.26.0

Auth required

Prerequisites: Local access to the system · Ability to write to a directory in the unquoted path

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Jun 19, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-47584

https://www.exploit-db.com/exploits/47584

Product product

Official Product Homepage

https://www.network-inventory-advisor.com/

Product product

Product Reference

https://www.network-inventory-advisor.com/download.html

Third Party Advisory third-party-advisory

VulnCheck Advisory: Network Inventory Advisor 5.0.26.0 Unquoted Service Path Privilege Escalation

https://www.vulncheck.com/advisories/network-inventory-advisor-unquoted-service-path-privilege-escalation

Scores

CVSS v3 7.8

EPSS 0.0012

EPSS Percentile 2.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-428

Status published

Products (1)

Network-Inventory-Advisor/Network Inventory Advisor 5.0.26.0

Published Jun 19, 2026

Tracked Since Jun 19, 2026