What is CVE-2020-37253?

CVE-2020-37253 is a high-severity vulnerability in Winstep, classified under Unquoted Search Path or Element. CVSS score: 7.8/10. Published 2026-06-19.

How severe is CVE-2020-37253?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Winstep

CVE-2020-37253

Winstep 18.06.0096 contains an unquoted service path vulnerability in the Winstep Xtreme Service that allows local attackers to escalate privileges. Attackers can place malicious executables in the Program Files directory to be executed wi…

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Winstep — versions 18.06.0096

Weakness classification (CWE)

CWE-428 — Unquoted Search Path or Element

References

disclosure@vulncheck.com (exploit)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2020-37253?: CVE-2020-37253 is a high-severity vulnerability in Winstep, classified under Unquoted Search Path or Element. CVSS score: 7.8/10. Published 2026-06-19.
How severe is CVE-2020-37253?: High severity. CVSS v3 base score is 7.8 out of 10.