PT-2026-28284 · Unknown · Small Http Server

Rafael Pedrero · Published 2026-03-26 · Updated 2026-03-29 · CVE-2025-41359

CVSS v4.0: 8.5 (High)

Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Small HTTP Server version 3.06.36

Description

The issue involves an unquoted service path in Small HTTP Server. Specifically, the vulnerability affects the executable located at 'C:Program Files (x86)shttps mghttp.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name in a directory with higher priority, causing the service to execute the malicious file instead of the legitimate one. Exploiting this flaw could lead to arbitrary code execution, unauthorized system access, or service disruption. The vulnerable path is associated with the service configuration.

Recommendations

Ensure the service path is properly quoted. Restrict physical and network access to the system.
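
One way to check a host for the condition described above, as an added example that is not part of the advisory or the vendor's code: it flags services whose binary path is unquoted and has a space in the executable portion, and proposes the quoted form. The function name Get-UnquotedServicePath and the sample service entries are constructed for illustration.

```powershell
# Added example, not from the advisory. Reports services whose PathName is
# unquoted and contains whitespace before the end of the executable name.
function Get-UnquotedServicePath {
    [CmdletBinding()]
    param(
        # Objects with Name and PathName, e.g. from Get-CimInstance Win32_Service
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Service
    )
    process {
        if ([string]::IsNullOrWhiteSpace($Service.PathName)) { return }
        $path = $Service.PathName.Trim()
        if ($path.StartsWith('"')) { return }      # already quoted

        # Executable part: shortest prefix ending in ".exe" that is followed
        # by whitespace (arguments) or by the end of the string.
        $m = [regex]::Match($path, '(?i)^(?<exe>.+?\.exe)(?<args>\s.*)?$')
        if (-not $m.Success) { return }            # e.g. kernel drivers (.sys)

        $exe = $m.Groups['exe'].Value
        if ($exe -notmatch '\s') { return }        # no space, nothing ambiguous

        [pscustomobject]@{
            Name      = $Service.Name
            PathName  = $path
            # Same command line with only the executable part quoted
            Suggested = '"{0}"{1}' -f $exe, $m.Groups['args'].Value
        }
    }
}

# Constructed sample entries (not real services) so the check runs offline.
$sample = @(
    [pscustomobject]@{ Name = 'ExampleSvc'; PathName = 'C:\Program Files (x86)\Example App\svc.exe run' }
    [pscustomobject]@{ Name = 'QuotedSvc';  PathName = '"C:\Program Files\Example App\svc.exe" run' }
    [pscustomobject]@{ Name = 'NoSpaceSvc'; PathName = 'C:\Windows\System32\svchost.exe -k netsvcs' }
)
$sample | Get-UnquotedServicePath | Format-List

# Live audit on a Windows host:
# Get-CimInstance -ClassName Win32_Service | Get-UnquotedServicePath | Format-List
```

Of the three sample entries only ExampleSvc is reported; the Suggested value is the quoted form to set as the service's binary path after review.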

Related Identifiers: CVE-2025-41359

Affected Products: Small Http Server