PT-2026-50914 · Network Inventory Advisor · Network Inventory Advisor

Samuel Diazl

Published

2026-06-19

Updated

2026-06-19

CVE-2019-25747

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate directories. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with LocalSystem privileges when the service starts or restarts.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-428

Related Identifiers

CVE-2019-25747

Affected Products

Network Inventory Advisor

PT-2026-50914 · Network Inventory Advisor · Network Inventory Advisor

CVE-2019-25747

Weakness Enumeration

Related Identifiers

Affected Products

References · 5