CVE-2019-25307

Name of the Vulnerable Software and Affected Versions WorkgroupMail version 7.5.1

Description The software contains an unquoted service path vulnerability in its Windows service configuration. This allows local attackers to potentially execute arbitrary code. Exploitation involves leveraging the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.

Recommendations Apply appropriate quoting to the service path configuration to prevent the execution of unauthorized code.