CVE-2019-25271 PUBLISHED

NETGATE Data Backup 3.0.620 - 'NGDatBckpSrv' Unquoted Service Path

Assigner: VulnCheck
Reserved: 06.01.2026 Published: 04.02.2026 Updated: 04.02.2026

NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.5

Product Status

Vendor NETGATE
Product Data Backup
Versions
  • Version 3.0.620 is affected

Credits

  • ZwX finder

References

Problem Types

  • Unquoted Search Path or Element CWE