QwikSec

Security Database

CVE

CWE

Training

CVE-2025-66575

Published: Dec 4, 2025

Modified: Dec 5, 2025

PUBLISHED

Description

VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSystem.

Vendor	Product	Versions
VeePN	VeeVPN	affected `1.6.1`

Weaknesses (CWE)

References

ExploitDB-52088

exploit

product

VeePN GitHub Repository

product

https://www.vulncheck.com/advisories/veevpn-161-unquoted-service-path-remote-code-execution

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.