TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy service that allows local attackers to execute arbitrary code. A…

CVE-2019-25272 affects TexasSoft CyberPlanet version 6.4.131, containing an unquoted service path vulnerability in the CCSrvProxy service. The vulnerability exists in the path 'C:\Program Files (x86)\TenaxSoft\CyberPlanet\SrvProxy.exe' and allows local attackers to execute arbitrary code. Attackers can exploit this unquoted path to inject malicious executables into the service path. Successful exploitation leads to elevated system privileges on the affected system. This is a local privilege escalation vulnerability that requires initial access to the system.