CVE-2023-53965 HIGH

CVE-2023-53965: SOUND4 Server Service 4.1.102 Local Privilege Escalation via Unquoted Service Path

Vendor Sound4 Ltd.
Product SOUND4 Server Service
Weakness CWE-428
Published December 22, 2025
Last update December 22, 2025

CVSS base score

8.6/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup.

Key dates

02Disclosure timeline

December 22, 2025 CVE published
December 22, 2025 Record updated