Primary

Context

Easy-Hide-IP Unquoted Service Path Vulnerability in EasyRedirect Allowing Privilege Escalation

Vulnerability

A vulnerability exists in Easy-Hide-IP version 5.0.0.3 within the EasyRedirect service, where an unquoted service path could allow local attackers to execute arbitrary code. The flaw arises because the service path in 'C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe' is unquoted, enabling the injection of malicious executables that could be executed with elevated privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of code with elevated privileges on the affected system.

Reproduction

The vulnerability can be reproduced by exploiting the unquoted service path. After injecting a malicious executable into the path, the EasyRedirect service can be started, executing the injected code with elevated privileges.

Added: Feb 5, 2026, 12:52 AM

Updated: Feb 5, 2026, 12:52 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.2

remediation

0.0

relevance

2.5

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.2

remediation

0.0

relevance

2.5

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Easy-Hide-IP Unquoted Service Path Vulnerability in EasyRedirect Allowing Privilege Escalation

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating