CVE-2023-53965

SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with...

high 8.4 CVSS 3.1

Published: Dec 22, 2025

Modified: Jan 29, 2026

Vendor: Sound4

Versions: 4.1.102

Description

SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup.

References

Related CVEs

CVSS Breakdown

Version	3.1
Score	8.4 / 10
Severity	high

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness (CWE)

CWE-428

Affected Product

Vendor	Sound4
Product	Impact Firmware
Versions	4.1.102