CVE-2018-25359

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.4 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious executable that executes with LocalSystem privileges when the service is triggered.

Vulnerability Details

Published Date

May 25, 2026

Last Modified

May 26, 2026

CWE ID

CWE-276

Source

NVD

Vendor

Splinterware

Product

Splinterware System Scheduler Pro

External References

https://www.exploit-db.com/exploits/45072
https://www.splinterware.com
https://www.vulncheck.com/advisories/splinterware-system-scheduler-pro-privilege-escalation

CVE-2018-25359

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment