Vulnerability Description
The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\Program.exe. If the service runs with elevated privileges, exploitation results in privilege escalation to SYSTEM level. This vulnerability arises from an unquoted service path affecting systems where the executable resides in a path containing spaces. Affected products and versions include: ABP 2.0.7.6130 and earlier as well as AES 1.0.6.6133 and earlier.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-8070?
CVE-2025-8070 is a documented vulnerability. The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable i...
How severe is CVE-2025-8070?
CVSS scoring is not yet available for CVE-2025-8070. Check NVD for updates.
Is there a patch for CVE-2025-8070?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.