CVE Alert: CVE-2025-12286 – n/a – VeePN
CVE-2025-12286
A weakness has been identified in VeePN up to version 1.6.2. It affects an unknown function in the file C:\Program Files (x86)\VeePN\avservice\avservice.exe of the AVService component. The flaw is an unquoted search path: the service executable is registered with Windows using a path that contains spaces but no surrounding quotation marks. The attack requires local access and is rated high complexity; exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
AI Summary Analysis
Risk verdict
High risk; no KEV or SSVC exploitation state is indicated in the data. The flaw needs local access and is rated high complexity, but a successful exploit lets a local user run code in the AVService's context, and with no vendor response there is no fix to wait for, so it justifies prompt attention.
Why this matters
Successful exploitation lets an attacker who already has a foothold as a standard user run code in the AVService's (higher-privilege) context the next time the service starts, potentially undermining security controls and providing persistence that survives reboots. Confidentiality, integrity and availability of the compromised endpoint are all at risk, with possible downstream exposure if enterprise tooling or administrative credentials are present on that host. The lack of a vendor response adds uncertainty and delays remediation.
Most likely attack path
An attacker with local access plants an executable at one of the alternate locations Windows tries when it resolves the unquoted AVService image path: the Service Control Manager hands the unquoted string to a CreateProcess-family call, which tries each space-delimited prefix (with .exe appended when the prefix has no extension) before it reaches the real binary. For C:\Program Files (x86)\VeePN\avservice\avservice.exe those candidates are C:\Program.exe and C:\Program Files.exe, both directly under C:\, where standard users cannot create files under the default ACL; this is why the attack is rated high complexity and in practice needs some additional write primitive on the root directory. If the plant succeeds, the attacker's binary runs in the service's context at the next service start or reboot, granting access across the local system. Lateral movement would depend on subsequent footholds or exposed admin credentials.
Who is most exposed
Windows endpoints running VeePN, especially within corporate environments where AVService operates with elevated context and where multiple users have local account access. Affected versions include 1.6.0–1.6.2.
Detection ideas
- Alert on services whose ImagePath is unquoted and contains spaces (especially AVService components).
- Monitor for file creation in C:\ matching the alternate candidate names for this path (C:\Program.exe, C:\Program Files.exe), as well as creation or modification of files in C:\Program Files (x86)\VeePN\avservice\.
- Alert when services.exe starts a process whose image is one of those candidates instead of the registered avservice.exe; that is the signature of a hijacked service start.
- Look for abnormal process trees initiating from the VeePN directory.
Mitigation and prioritisation
- No fixed release is indicated (the vendor did not respond to the disclosure). If VeePN publishes one, upgrade and then verify that the AVService ImagePath is actually quoted rather than assuming the installer corrected it.
- Until then, quote the service path yourself (sc.exe config <ServiceName> binPath= with the executable in escaped quotes, or edit ImagePath under HKLM\SYSTEM\CurrentControlSet\Services) and confirm that standard users cannot create files in C:\, the only directory the alternate candidate paths resolve to.
- Enforce least privilege for the accounts that manage or service VeePN components; implement application allowlisting.
- Validate and restore secure service configurations during change-management windows; test in staging before production. If KEV/EPSS indicators emerge, treat as priority 1.
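The following PowerShell is an added example for this alert, not code from VeePN or from the original post. It implements the first detection idea and the interim mitigation above, and it generalises beyond VeePN: it audits every registered service for an unquoted ImagePath containing spaces, lists the alternate executables the Service Control Manager would try first, checks whether low-privilege principals could create a file in those directories, and can quote the path in place. It assumes an elevated PowerShell session on the host being checked; the alert does not give the AVService's registered service name, so the fix function takes whatever name the audit reports.

```powershell
# Added example (not VeePN's or the page's code). Assumes an elevated session.

function Get-HijackCandidate {
    # For an unquoted path, CreateProcess tries every space-delimited prefix
    # before the full path, appending ".exe" when the prefix has no extension:
    #   C:\Program Files (x86)\VeePN\avservice\avservice.exe
    #   -> C:\Program.exe, C:\Program Files.exe
    param([Parameter(Mandatory)][string]$Path)
    $out = @()
    $idx = $Path.IndexOf(' ')
    while ($idx -gt 0) {
        $prefix = $Path.Substring(0, $idx)
        if ($prefix -notmatch '\.[^\\]*$') { $prefix += '.exe' }   # no extension in last component
        $out += $prefix
        $idx = $Path.IndexOf(' ', $idx + 1)
    }
    return $out
}

function Test-LowPrivWritable {
    # True if Users/Everyone/Authenticated Users/INTERACTIVE hold CreateFiles on the directory.
    # Default C:\ grants Authenticated Users only "Create folders / append data", so it returns False.
    param([Parameter(Mandatory)][string]$Directory)
    if (-not (Test-Path -LiteralPath $Directory)) { return $false }
    $createFiles = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles
    foreach ($ace in (Get-Acl -LiteralPath $Directory).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.IdentityReference.Value -notmatch '^(BUILTIN\\Users|Everyone|NT AUTHORITY\\Authenticated Users|NT AUTHORITY\\INTERACTIVE)$') { continue }
        if (([int]$ace.FileSystemRights -band $createFiles) -ne 0) { return $true }
    }
    return $false
}

function Get-UnquotedServicePath {
    # Enumerates all services and reports those whose executable path is unquoted and contains spaces.
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($svc in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $image = (Get-ItemProperty -Path $svc.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
        if (-not $image) { continue }
        $image = [Environment]::ExpandEnvironmentVariables($image)
        if ($image.StartsWith('"') -or $image -notmatch ' ') { continue }      # quoted or no spaces: safe
        # Heuristic split of executable from arguments: shortest prefix ending in .exe.
        if (-not ($image -match '^(?<exe>.*?\.exe)(\s.*)?$')) { continue }
        $exe = $Matches.exe
        if ($exe -notmatch ' ') { continue }                                    # spaces only in arguments
        $candidates = @(Get-HijackCandidate -Path $exe)
        [pscustomobject]@{
            Service         = $svc.PSChildName
            ImagePath       = $image
            Candidates      = $candidates -join '; '
            LowPrivWritable = @($candidates | Where-Object { Test-LowPrivWritable (Split-Path $_ -Parent) }).Count -gt 0
        }
    }
}

function Set-QuotedServicePath {
    # Quotes the executable portion of ImagePath, preserving the value type; effective at next service start.
    # Equivalent to: sc.exe config <ServiceName> binPath= "\"C:\path with spaces\svc.exe\" args"
    param([Parameter(Mandatory)][string]$ServiceName)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    $image = (Get-ItemProperty -Path $key -Name ImagePath).ImagePath
    if ($image.StartsWith('"')) { return $image }
    if (-not ($image -match '^(?<exe>.*?\.exe)(?<args>\s.*)?$')) {
        throw "ImagePath for $ServiceName does not look like an .exe path: $image"
    }
    $fixed = '"{0}"{1}' -f $Matches.exe, $Matches.args
    $kind = (Get-Item -Path $key).GetValueKind('ImagePath')
    Set-ItemProperty -Path $key -Name ImagePath -Value $fixed -Type $kind
    return $fixed
}

# Usage (service name is a placeholder; take it from the audit output):
#   Get-UnquotedServicePath | Format-Table -AutoSize
#   Set-QuotedServicePath -ServiceName '<VeePN AVService name reported above>'
```

Run the audit first and keep its output as evidence; a LowPrivWritable of False for the VeePN entry confirms that the default C:\ ACL is what keeps this issue at high complexity on that host, while True means a standard user could already plant C:\Program.exe and the quoting fix should go in immediately. Re-run the audit after quoting, and after any VeePN upgrade, since installers can rewrite ImagePath.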