QwikSec

Security Database

CVE

CWE

Training

CVE-2024-58288

Published: Dec 11, 2025

Modified: Dec 18, 2025

PUBLISHED

Description

Genexus Protection Server 9.7.2.10 contains an unquoted service path vulnerability in the protsrvservice Windows service configuration. Attackers can exploit the unquoted binary path to execute arbitrary code with elevated LocalSystem privileges by placing malicious executables in specific file system locations.

Vendor	Product	Versions
Genexus	Genexus Protection Server	affected `9.7.2.10`

Weaknesses (CWE)

References

ExploitDB-52065

exploit

Official Genexus Homepage

product

Genexus Software Download Center

product

VulnCheck Advisory: Genexus Protection Server 9.7.2.10 Unquoted Service Path Privilege Escalation

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.