PT-2026-50916 · Real · Realtimes Desktop Service

Erick Galindo

Published

2026-06-19

Updated

2026-06-19

CVE-2020-37251

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories to execute arbitrary code with LocalSystem privileges during service startup or system reboot.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-428

Related Identifiers

CVE-2020-37251

Affected Products

Realtimes Desktop Service

PT-2026-50916 · Real · Realtimes Desktop Service

CVE-2020-37251

Weakness Enumeration

Related Identifiers

Affected Products

References · 4