← back
CVE-2025-66575

VeeVPN 1.6.1 - Unquoted Service Path Remote Code Execution

CVSS 8.5 HIGHEPSS 0.4%CWE-428
VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSystem.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P
Affected products
VeePN · VeeVPN

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/veepn/veepnhttps://veepn.com/https://www.exploit-db.com/exploits/52088https://www.vulncheck.com/advisories/veevpn-161-unquoted-service-path-remote-code-execution