Unquoted Search Path Vulnerability in VeePN Software
CVE-2025-12286

7.3HIGH

Key Information:

Vendor

VeePN

Status
Veepn
Vendor
CVE Published:
27 October 2025

What is CVE-2025-12286?

A vulnerability has been identified in VeePN versions up to 1.6.2, specifically within the AVService component of the software. It resides in the executable located at C:\Program Files (x86)\VeePN\avservice\avservice.exe. The flaw is characterized by an unquoted search path issue, which can potentially be exploited by an attacker with local access, allowing them to manipulate the execution environment. This vulnerability requires a high level of technical skill to exploit effectively, making it difficult but not impossible to leverage.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

VeePN 1.6.0

VeePN 1.6.1

VeePN 1.6.2

References

https://vuldb.com/?id.329954
vdb-entry
https://vuldb.com/?ctiid.329954
signaturepermissions-required
https://vuldb.com/?submit.672512
third-party-advisory

CVSS V4

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

lakshay12311 (VulDB User)
JSON
.