CVE-2024-58315

Published: Dec 30, 2025Modified: Jan 16, 2026

8.5

Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: disclosure@vulncheck.com (Secondary)

Description

Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the service startup process by inserting malicious code in the system root path, enabling unauthorized code execution during application startup or system reboot.

Affected (1)

Products: Tosi: Tosibox Key

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tosi Tosibox Key	Up to 3.3.0

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (5)

https://packetstormsecurity.com/files/177260/

Source: disclosure@vulncheck.com

Third Party Advisory

https://www.tosi.net/

Source: disclosure@vulncheck.com

Product

https://www.vulncheck.com/advisories/tosibox-key-service-local-privilege-escalation-via-unquoted-service-path

Source: disclosure@vulncheck.com

Third Party Advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5812.php

Source: disclosure@vulncheck.com

ExploitThird Party Advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5812.php

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.