CVE-2019-25307 PUBLISHED

WorkgroupMail 7.5.1 - 'WorkgroupMail' Unquoted Service Path

Assigner: VulnCheck
Reserved: 10.02.2026 Published: 11.02.2026 Updated: 11.02.2026

WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.5

Product Status

Vendor Softalk
Product WorkgroupMail
Versions
  • Version 7.5.1 is affected

Credits

  • Cakes finder

References

Problem Types

  • Unquoted Search Path or Element CWE