CVE-2019-25275

Name of the Vulnerable Software and Affected Versions BartVPN version 1.2.2

Description BartVPN version 1.2.2 has an unquoted service path issue in the BartVPNService. This allows local attackers to potentially run arbitrary code with higher system rights. Attackers can take advantage of the unquoted binary path by putting malicious executables in certain file system locations to take control of the service’s execution environment.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the BartVPNService to minimize the risk of exploitation.