CVE-2025-8070 – “ABP AES Unquoted Service Path Privilege Escalation Vulnerability”

CVE ID : CVE-2025-8070

Published : July 23, 2025, 8:15 a.m. | 44 minutes ago

Description : The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:Program.exe. If the service runs with elevated privileges, exploitation results in privilege escalation to SYSTEM level. This vulnerability arises from an unquoted service path affecting systems where the executable resides in a path containing spaces.
Affected products and versions include: ABP 2.0.7.6130 and earlier as well as AES 1.0.6.6133 and earlier.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…