PT-2025-49151 · Veevpn · Veevpn

Published 2025-12-04 · Updated 2025-12-30 · CVE-2025-66575

CVSS v4.0: 9.3 (Critical)

Vector: AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions: VeeVPN version 1.6.1

Description: VeeVPN version 1.6.1 has an issue with an unquoted service path in the VeePNService. This allows remote attackers to potentially run code when the system starts or restarts, gaining higher privileges. An attacker can exploit this by supplying a malicious service name, which allows them to inject commands and operate as LocalSystem.

Recommendations: Update VeeVPN to a version with a fix for this issue. As a temporary workaround, consider restricting the service name allowed for the VeePNService.
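
An audit check for the unquoted-service-path weakness described above, as an added example that is not part of the advisory or the vendor's code. The service names and paths are constructed placeholders (the advisory does not give the install path); on a real host the values would come from each service's `ImagePath` under `HKLM\SYSTEM\CurrentControlSet\Services`.

```python
import re

# Executable portion of a command line: everything up to the first
# .exe/.com/.bat/.cmd that is followed by whitespace or end of string.
_EXE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd))(?=\s|$)(.*)$", re.IGNORECASE)

# Constructed sample data, not taken from any real system.
SAMPLE_SERVICES = {
    "ExampleUnquoted": r"C:\Program Files\Example VPN\service.exe",
    "ExampleWithArgs": r"C:\Program Files\Example VPN\agent.exe --mode service",
    "ExampleQuoted": r'"C:\Program Files\Example VPN\service.exe" --run',
    "ExampleNoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
}


def audit_image_path(image_path):
    """Return (is_unquoted_with_spaces, corrected_value) for one ImagePath."""
    value = image_path.strip()
    if value.startswith('"'):
        return False, value  # already quoted, nothing ambiguous
    match = _EXE.match(value)
    if not match:
        return False, value  # e.g. a .sys driver path; review by hand
    exe, args = match.group(1), match.group(2)
    if " " not in exe:
        return False, value  # unquoted but unambiguous
    # Quote only the executable; arguments stay outside the quotes.
    return True, f'"{exe}"{args}'


def audit_services(services):
    """Map each flagged service name to its corrected ImagePath value."""
    findings = {}
    for name, image_path in services.items():
        flagged, corrected = audit_image_path(image_path)
        if flagged:
            findings[name] = corrected
    return findings


if __name__ == "__main__":
    for name, corrected in audit_services(SAMPLE_SERVICES).items():
        print(f"{name}: unquoted path with spaces, should be {corrected}")
```
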

Related Identifiers: CVE-2025-66575

Affected Products: Veevpn