CVE-2019-25747 | Network Inventory Advisor 5.0.26.0 installs the niaservice s… | CVSS 7.8 HIGH

Description

Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate directories. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with LocalSystem privileges when the service starts or restarts.

Metadata

CVE ID: CVE-2019-25747
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-19 13:10 UTC
Published: 2026-06-19 14:16 UTC
Last updated: 2026-06-19 14:16 UTC
Primary CWE: CWE-428
Unquoted Search Path or Element
Vendor / Product: Network-Inventory-Advisor / Network Inventory Advisor
Sources: cve.org · NVD

Severity & Metrics

7.8 HIGH CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products (1)

Vendor	Product	Platform	Versions
Network-Inventory-Advisor	Network Inventory Advisor	—	5.0.26.0

Weakness (CWE)

CWE	Source	Description
CWE-428	cna	Unquoted Search Path or Element

CVSS scores (2)

Score	Severity	Version	Source	Vector
8.5	HIGH	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.8	HIGH	3.1	cna	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (4)

ExploitDB-47584 https://www.exploit-db.com/exploits/47584
Official Product Homepage https://www.network-inventory-advisor.com/
Product Reference https://www.network-inventory-advisor.com/download.html
VulnCheck Advisory: Network Inventory Advisor 5.0.26.0 Unquoted Service Path Privilege Escalation https://www.vulncheck.com/advisories/network-inventory-advisor-unquoted-service-path-privilege-escalation