CVE-2025-66575

HIGH

VeeVPN 1.6.1 - Unquoted Service Path Remote Code Execution via VeePNService

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-66575. PoCs published by Doğukan Orhan.

AI-analyzed exploit summary: This exploit describes an unquoted service path vulnerability in VeeVPN 1.6.1, where the service path contains spaces and is not enclosed in quotes, potentially allowing privilege escalation via executable placement in the path.

Description

VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSystem.

Exploits (1)

exploitdb WRITEUP
by Doğukan Orhan · text · local · windows
https://www.exploit-db.com/exploits/52088


Classification: Writeup 90%
Attack Type: LPE
Complexity: Trivial
Reliability: Theoretical
Target: VeeVPN 1.6.1
Auth required
Prerequisites: Local access to the system · Ability to write to a directory in the unquoted service path
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Product (product): https://veepn.com/
Broken Link (product): https://github.com/veepn/veepn

Scores

CVSS v3: 7.8
EPSS: 0.0015
EPSS Percentile: 35.1%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-428
Status: published
Products (1): veepn/veepn 1.6.1
Published: Dec 04, 2025
Tracked Since: Feb 18, 2026