CVE 8.5 HIGH

VeeVPN 1.6.1 – Unquoted Service Path Remote Code Execution_CVE-2025-66575

December 4, 2025 invoker category_cve

8.5 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P

Description

VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSystem.

AI Analysis

Unquoted service path vulnerability allowing remote code execution with escalated privileges

Basic Information

ID CVE-2025-66575

Source VulnCheck

Published Dec 4, 2025 at 20:46

Affected Product

Vendor VeePN

Product VeeVPN

Version 1.6.1

Affected Versions VeePN VeeVPN 1.6.1

CWE Classification

CWE-428

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor VeePN

Product VeeVPN

Version 1.6.1

References

{
    "lastseen": "",
    "description": "VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSystem.",
    "published": "2025-12-04T20:46:08.742Z",
    "modified": "2025-12-04T20:46:08.742Z",
    "type": "cve",
    "title": "VeeVPN 1.6.1 - Unquoted Service Path Remote Code Execution",
    "source": "VulnCheck",
    "references": "https://www.exploit-db.com/exploits/52088\nhttps://veepn.com/\nhttps://github.com/veepn/veepn\nhttps://www.vulncheck.com/advisories/veevpn-161-unquoted-service-path-remote-code-execution",
    "id": "CVE-2025-66575",
    "bulletinFamily": "",
    "cwe": [
        "CWE-428"
    ],
    "cvelist": null,
    "sourceData": "VeePN VeeVPN 1.6.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "VeeVPN",
    "version": "1.6.1",
    "vendor": "VeePN",
    "ai_description": "Unquoted service path vulnerability allowing remote code execution with escalated privileges",
    "ai_severity": "High",
    "ai_vendor": "VeePN",
    "ai_product": "VeeVPN",
    "ai_version": "1.6.1",
    "ai_score": 8.5
}

💭 Join the Security Discussion ❌ Cancel Reply