CVE-2019-25281

HIGH 7.8

NCP_Secure_Entry_Client 9.2 - Unquoted Service Paths

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code that would execute with LocalSystem privileges during service startup.

CWE	CWE-428
Vendor	ncp-e
Product	ncp_secure_entry_client
Published	Feb 4, 2026
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for ncp-e ncp_secure_entry_client

Be the first to know when new high vulnerabilities affecting ncp-e ncp_secure_entry_client are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

ncp-e / NCP_Secure_Entry_Client

9.2x

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/47668 software.ncp-e.com: http://software.ncp-e.com/ vulncheck.com: https://www.vulncheck.com/advisories/ncpsecureentryclient-unquoted-service-paths

Credits

Akif Mohamed Ik