CVE-2020-15261

HIGH

Veyon Service <4.4.2 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-15261. PoCs published by Víctor García.

AI-analyzed exploit summary This is a writeup describing an unquoted service path vulnerability in Veyon 4.4.1. The vulnerability could allow local privilege escalation if an attacker can place an executable in a path that is executed due to improper quoting.

Description

On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.

Exploits (2)

exploitdb WRITEUP

by Víctor García · textlocalwindows

https://www.exploit-db.com/exploits/49925

View Code ZIP pw:eip

This is a writeup describing an unquoted service path vulnerability in Veyon 4.4.1. The vulnerability could allow local privilege escalation if an attacker can place an executable in a path that is executed due to improper quoting.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Veyon 4.4.1

Auth required

Prerequisites: Local access to the system · Ability to write to a directory in the unquoted path

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 16, 2026 Full analysis →