CVE-2019-25304 – Intelligent Security System SecurOS Enterprise 10.2 – ‘SecurosCtrlService’ Unquoted Service Path

CVE ID : CVE-2019-25304

Published : Feb. 6, 2026, 4:41 p.m. | 37 minutes ago

Description : SecurOS Enterprise 10.2 contains an unquoted service path vulnerability in the SecurosCtrlService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:Program Files (x86)ISSSecurOS to insert malicious code that would execute with system-level permissions during service startup.

Severity: 8.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…