CVE-2019-25747
Network Inventory Advisor 5.0.26.0 Unquoted Service Path Privilege Escalation
CVSS Score
7.8
EPSS Score
0.0%
EPSS Percentile
0th
Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate directories. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with LocalSystem privileges when the service starts or restarts.
| CWE | CWE-428 |
| Vendor | network-inventory-advisor |
| Product | network inventory advisor |
| Published | Jun 19, 2026 |
Stay Ahead of the Next One
Get instant alerts for network-inventory-advisor network inventory advisor
Be the first to know when new high vulnerabilities affecting network-inventory-advisor network inventory advisor are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Network-Inventory-Advisor / Network Inventory Advisor
5.0.26.0
References
exploit-db.com: https://www.exploit-db.com/exploits/47584 network-inventory-advisor.com: https://www.network-inventory-advisor.com/ network-inventory-advisor.com: https://www.network-inventory-advisor.com/download.html vulncheck.com: https://www.vulncheck.com/advisories/network-inventory-advisor-unquoted-service-path-privilege-escalation
Credits
Samuel DiazL