NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquote…

CVE-2019-25271 affects NETGATE Data Backup version 3.0.620, containing an unquoted service path vulnerability in the NGDatBckpSrv Windows service. The vulnerability allows attackers to exploit the unquoted path configuration to inject and execute malicious code with LocalSystem privileges. Exploitation occurs by placing executable files in specific directory locations that take advantage of the improper path configuration. This represents a privilege escalation vulnerability that could allow attackers to gain system-level access on affected Windows systems running the vulnerable backup software.