CVE-2019-25231 HIGH

CVE-2019-25231: devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation

Vendor: Devolo Ag
Product: devolo dLAN Cockpit
Weakness: CWE-428
Published: January 7, 2026
Last update: January 8, 2026

CVSS base score

8.5/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. Attackers can exploit the insecure service path configuration by inserting malicious code in the system root path to execute with elevated privileges during application startup or system reboot.
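The check below is an added example, not code from the vendor or the CVE record: it flags services whose executable path contains whitespace but is not quoted (CWE-428) and shows the quoted form. The function name `Get-UnquotedServicePath`, the sample service names and the sample paths are constructed for illustration; the record does not state the real install path of 'DevoloNetworkService'.

```powershell
# Added example: audit service path values for CWE-428 (unquoted path with spaces).
function Get-UnquotedServicePath {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)][string]$Name,
        [Parameter(ValueFromPipelineByPropertyName)][string]$PathName
    )
    process {
        $p = "$PathName".Trim()
        if ($p.StartsWith('"')) { return }            # already quoted: not affected

        # Split into the executable path and any trailing arguments.
        if ($p -notmatch '^(?<exe>.+?\.exe)(?<tail>(\s.*)?)$') { return }
        $exe  = $Matches['exe']                       # copy before the next -match resets $Matches
        $tail = $Matches['tail']

        if ($exe -notmatch '\s') { return }           # no whitespace in the path: not affected

        [pscustomobject]@{
            Name      = $Name
            PathName  = $p
            Suggested = '"{0}"{1}' -f $exe, $tail     # quoted form of the same command line
        }
    }
}

# Constructed sample input (hypothetical names and paths) so the check runs offline.
$samples = @(
    [pscustomobject]@{ Name = 'ExampleUnquotedSvc'
                       PathName = 'C:\Program Files\Example Vendor\Example App\service.exe' }
    [pscustomobject]@{ Name = 'ExampleQuotedSvc'
                       PathName = '"C:\Program Files\Example Vendor\Example App\service.exe" --run' }
    [pscustomobject]@{ Name = 'ExampleNoSpaceSvc'
                       PathName = 'C:\Windows\System32\svchost.exe -k netsvcs' }
)
$samples | Get-UnquotedServicePath | Format-List     # only ExampleUnquotedSvc is reported

# On a live host, audit every service or only the one named in this record:
# Get-CimInstance Win32_Service | Get-UnquotedServicePath
# Get-CimInstance Win32_Service -Filter "Name='DevoloNetworkService'" | Get-UnquotedServicePath
```

The `Suggested` value is the quoted command line that the service's `ImagePath` registry value should hold once the path is corrected.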

Key dates

02 Disclosure timeline

January 7, 2026: CVE published
January 8, 2026: Record updated