Primary

Context

eMPIA Technology AVACAST Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A unquoted service path vulnerability has been identified in AVACAST developed by eMPIA Technology, affecting versions through 5.10.10.43. This vulnerability allows privileged local attackers to place a malicious executable file in a specific directory. When the AVACAST service is started, the malicious executable is executed with system privileges, leading to arbitrary code execution.

Impact

Exploitation of this vulnerability allows for arbitrary code execution with system privileges.

Remediation

Users are advised to update to version 5.10.10.45 or later.

Added: Apr 28, 2026, 10:24 AM

Updated: Apr 28, 2026, 10:24 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

2.8

remediation

0.0

relevance

6.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

2.8

remediation

0.0

relevance

6.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

eMPIA Technology AVACAST Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating