PT-2025-30547 · Aes+1

Kazuma Matsumoto · Published 2025-07-23 · Updated 2025-07-24 · CVE-2025-8070

CVSS v4.0: 9.2 Critical

Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

ABP versions prior to 2.0.7.6130
AES versions prior to 1.0.6.6133

Description

The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value. A local attacker can execute arbitrary code by placing a malicious executable in a predictable location such as C:\Program.exe. If the service runs with elevated privileges, exploitation results in privilege escalation to SYSTEM level. The issue is an unquoted service path and affects systems where the executable resides in a path containing spaces.

Recommendations

Ensure the ImagePath registry value for ABP services is properly quoted.
Ensure the ImagePath registry value for AES services is properly quoted.
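
One way to check the recommendation above across a host, as an added example that is not code from the advisory or the vendor: a read-only PowerShell audit that flags unquoted ImagePath values with a space in the executable path. The function name, the sample values and the "Example Vendor" paths are constructed for illustration; the page does not give the ABP or AES service names, so every service is scanned.

```powershell
# Added example (read-only audit): reports services whose ImagePath is unquoted
# and has a space in the executable path. Nothing in the registry is changed.

function Get-ImagePathFinding {
    param(
        [Parameter(Mandatory)][string]$ImagePath,
        [string]$Service = '(constructed sample)'
    )
    $value = $ImagePath.Trim()
    if ($value.StartsWith('"')) { return }          # already quoted

    # Split "<path ending in .exe>" from any trailing arguments.
    $m = [regex]::Match($value, '^(?<exe>.+?\.exe)(?<args>\s.*)?$', 'IgnoreCase')
    if (-not $m.Success) { return }                 # drivers (.sys) and other forms
    $exe = $m.Groups['exe'].Value
    if ($exe -notmatch '\s') { return }             # no space, so no ambiguity

    [pscustomobject]@{
        Service   = $Service
        ImagePath = $ImagePath
        # Quoted form to review before applying; arguments are kept as they were.
        Suggested = '"{0}"{1}' -f $exe, $m.Groups['args'].Value
    }
}

# Constructed sample values (hypothetical vendor path, not taken from the advisory).
$samples = @(
    'C:\Program Files\Example Vendor\svc.exe -run',     # unquoted + space: reported
    '"C:\Program Files\Example Vendor\svc.exe" -run',   # quoted: not reported
    'C:\Windows\System32\svchost.exe -k netsvcs'        # no space in path: not reported
)
$samples | ForEach-Object { Get-ImagePathFinding -ImagePath $_ }

# Live scan of the local service configuration (Windows only).
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
if (Test-Path $servicesKey) {
    Get-ChildItem $servicesKey -ErrorAction SilentlyContinue | ForEach-Object {
        $name = $_.PSChildName
        $ip = (Get-ItemProperty -LiteralPath $_.PSPath -Name ImagePath `
                   -ErrorAction SilentlyContinue).ImagePath
        if ($ip) { Get-ImagePathFinding -ImagePath $ip -Service $name }
    }
}
```

Get-ItemProperty returns REG_EXPAND_SZ values with environment variables already expanded, so compare the Suggested column against the stored value before writing anything back.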

Fix

LPE

Weakness Enumeration

Related Identifiers

CVE-2025-8070

Affected Products

Abp
Aes