cvedb.io
CVE-2020-37253
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2026-06-19T15:16:34.147 · Last modified 2026-06-23T15:42:30.483

Summary

Winstep 18.06.0096 contains an unquoted service path vulnerability in the Winstep Xtreme Service that allows local attackers to escalate privileges. Attackers can place malicious executables in the Program Files directory to be executed with LocalSystem privileges when the service starts.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.