Amiti Antivirus Unquoted Service Path Vulnerability Allowing Code Execution
Vulnerability
A vulnerability exists in Amiti Antivirus version 25.0.640 due to an unquoted service path in its Windows service configurations. This flaw allows attackers to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory locations.
Impact
Exploitation of this vulnerability could lead to unauthorized code execution with LocalSystem privileges.
Reproduction
The vulnerability can be reproduced by querying the service configuration for 'AmitiAvHealth' and 'AmitiAvSrv' using the 'sc qc' command, which reveals the unquoted service paths. Once an unquoted path is identified, an executable placed in a directory location that takes advantage of this misconfiguration is executed with elevated privileges.
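The same 'sc qc' check can be automated over saved output to find and correct affected services. The following is an added example, not code from the advisory or the vendor: the service names are the ones named above, while the install paths, the two extra services and the function names are constructed placeholders.

```python
import re

# Constructed `sc qc` output. The two Amiti service names come from the
# advisory; every path is a placeholder, since the advisory gives none.
SAMPLE = r"""
SERVICE_NAME: AmitiAvSrv
        BINARY_PATH_NAME   : C:\Program Files\Placeholder Dir\service.exe
        SERVICE_START_NAME : LocalSystem
SERVICE_NAME: AmitiAvHealth
        BINARY_PATH_NAME   : C:\Program Files\Placeholder Dir\health.exe -run
        SERVICE_START_NAME : LocalSystem
SERVICE_NAME: QuotedExample
        BINARY_PATH_NAME   : "C:\Program Files\Placeholder Dir\ok.exe" -run
SERVICE_NAME: NoSpaceExample
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
"""

FIELD = re.compile(r"^\s*([A-Z_]+)\s*:\s?(.*)$")
IMAGE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)

def parse_sc_qc(text):
    """Return one dict of KEY -> value per SERVICE_NAME block."""
    services = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # banner lines, blank lines, continuation lines
        key, value = m.group(1), m.group(2).strip()
        if key == "SERVICE_NAME":
            services.append({key: value})
        elif services:
            services[-1][key] = value
    return services

def audit(text):
    """Flag services whose image path is unquoted and contains a space."""
    findings = []
    for svc in parse_sc_qc(text):
        raw = svc.get("BINARY_PATH_NAME", "")
        m = IMAGE.match(raw)
        if raw.startswith('"') or not m or " " not in m.group(1):
            continue  # already quoted, not an .exe image, or no space in it
        findings.append({"service": svc["SERVICE_NAME"],
                         "account": svc.get("SERVICE_START_NAME", "unknown"),
                         "quoted": f'"{m.group(1)}"{raw[m.end(1):]}'})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['service']} ({f['account']}): quote path as {f['quoted']}")
```

Each finding carries the corrected binary path, with only the executable portion quoted and any arguments left outside the quotes.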
