Based on the screenshot, here are the key details about the vulnerability in a concise markdown format: --- Vulnerability Information Title: Tosibox Key Service 3.3.0 Local Privilege Escalation via Unquoted Service Path Severity: High Date: December 30, 2025 Product Affected: Tosibox Key Service <= 3.3.0 Exploit ID: ZSL-2024-58315 CVSS Score: 4.0 (AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N) CVE: Not assigned CWE: CWE-428: Unquoted Search Path or Element --- References Zero Science Lab Disclosure (ZSL-2024-58315) Packet Storm Security Exploit Entry Vendor Homepage --- Credit LiquidWorm as Gjoko Krstic of Zero Science Lab --- Description Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability allowing local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit this by inserting malicious code in the system root path, enabling unauthorized code execution during application startup or system reboot.