关键信息 Title: VeePN 1.6.2 Unquoted Search Path Description: - VeePN 1.6.2 installs AVService with an unquotedImagePath: - Due to the unquoted path containing spaces, Windows may load an executable from earlier tokens (e.g., ). - The affected hosts , or are writable, allowing a local attacker with file-write access to place a malicious binary and gain the service account (typically SYSTEM) when the service starts. Vulnerable Product: VeePN Vulnerable Version: 1.6.2 Vulnerability Type: Unquoted Search Path Exploit Vector: Local attacker with file-write access Impact: Potential SYSTEM privilege escalation Source: https://github.com/lakshayverma/CVE-Discovery/blob/main/VeePn.md Submitter: lakshay12311 (UID 91298) Submission Date: 10/26/2025 Moderation Date: 10/31/2025 Status: Duplicate VulDB Entry: 329954 [VeePN up to 1.6.2 AVService avservice.exe unquoted search path]