Unquoted Service Path Vulnerability in IObit Uninstaller by IObit
CVE-2020-37223

8.5HIGH

Key Information:

Vendor: Iobit
Status: Iobit Uninstaller
Vendor: CVE Published:; 13 May 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2020-37223?

The IObit Uninstaller 9.5.0.15 contains a vulnerability due to its unquoted service path in the IObitUnSvr service. This flaw allows local attackers to exploit the system by placing a malicious executable named 'IObit.exe' in the default installation directory. By restarting the service, attackers can execute code with elevated SYSTEM privileges, thereby compromising the system's security and integrity. Organizations using affected versions should take immediate steps to mitigate this risk.

Affected Version(s)

IObit Uninstaller 9.5.0.15

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-37223 - Proof of Concept

References

https://www.exploit-db.com/exploits/48543

exploit

https://www.iobit.com

product

https://www.iobit.com/en/advanceduninstaller.php

product

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 13, 2026
👾
Exploit known to exist
May 13, 2026
Vulnerability published
May 13, 2026
Vulnerability Reserved
May 13, 2026

Credit

Gobinathan L

CVE-2020-37223 Data

JSON

Iobit

Badges

What is CVE-2020-37223?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit