Primary

Context

VPN Unlimited Unquoted Service Path Vulnerability Allowing Local Privilege Escalation

Vulnerability

A vulnerability in VPN Unlimited version 6.1 for Windows creates an unquoted service path issue. This flaw allows local attackers to inject malicious executables into the service binary path. Exploitation of this vulnerability could lead to unauthorized replacement of the service executable, granting elevated system privileges to the attacker.

Impact

Exploitation of this vulnerability could result in local privilege escalation, allowing an attacker to gain elevated system rights.

Reproduction

The vulnerability can be reproduced by replacing the service executable with a malicious one, taking advantage of the unquoted service path. After the malicious executable is placed in the service binary path, the VPN Unlimited service can be restarted, which will execute the injected payload with elevated privileges.

Added: Feb 3, 2026, 3:49 PM

Updated: Feb 3, 2026, 5:23 PM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

2.5

exploitability

4.2

remediation

0.0

relevance

2.5

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

2.5

exploitability

4.2

remediation

0.0

relevance

2.5

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

VPN Unlimited Unquoted Service Path Vulnerability Allowing Local Privilege Escalation

Vulnerability

Impact

Reproduction

Affected Products

VPN Unlimited

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating