NetBT e-Fatura - Privilege Escalation
NetBT e-Fatura - Privilege Escalation
AI Analysis
Technical Summary
The NetBT e-Fatura application has a privilege escalation vulnerability identified as CVE-2025-14018, caused by an unquoted search path or element (CWE-428). This allows local attackers to place malicious executables in a directory path that the InboxProcessor service loads, which runs with LocalSystem privileges. Because the directory 'C:\inetpub\wwwroot\InboxProcessor\' is writable by standard users, an attacker can replace or insert malicious binaries that will be executed with elevated privileges when the service starts. The vulnerability was confirmed on version 2024 of the software running on Windows Server 2019 DC. Exploit code is publicly available in text format.
Potential Impact
An unauthorized local user can gain elevated privileges on the affected system by exploiting this vulnerability, potentially allowing full control over the system under the LocalSystem account. This can lead to complete compromise of the host, unauthorized access to sensitive data, and disruption of services.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict write permissions to the directory 'C:\inetpub\wwwroot\InboxProcessor\' to prevent unauthorized modification. Avoid running the InboxProcessor service with LocalSystem privileges if possible, or apply least privilege principles. Monitor for any suspicious activity related to this service. Follow updates from the vendor at https://net-bt.com.tr/e-fatura/ for official patches or mitigations.
Indicators of Compromise
- exploit-code: # Exploit Title: NetBT e-Fatura - Privilege Escalation # Author: Seccops # Discovery Date: 2025-10-03 # Vendor: https://net-bt.com.tr/e-fatura/ # Tested Version: 2024 # Tested on OS: Microsoft Windows Server 2019 DC # Vulnerability Type: CWE-428 Unquoted Search Path or Element # CVE: CVE-2025-14018 Note: Thanks "Levent Sungu" for providing the testing environment. ==================== Description & Impact ==================== This vulnerability allows an unauthorized local user to execute arbitrary code with high privileges on the system. ================ Proof of Concept ================ C:\Users\efatura>sc qc InboxProcessor [SC] QueryServiceConfig SUCCESS SERVICE_NAME: InboxProcessor TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\inetpub\wwwroot\InboxProcessor\Netbt.Inbox.Process.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : InboxProcessor DEPENDENCIES : SERVICE_START_NAME : LocalSystem C:\Users\efatura\Desktop>accesschk.exe /accepteula -uwdq "C:\inetpub\wwwroot\InboxProcessor\" Accesschk v6.15 - Reports effective permissions for securable objects Copyright (C) 2006-2022 Mark Russinovich Sysinternals - www.sysinternals.com C:\inetpub\wwwroot\InboxProcessor RW BUILTIN\Users RW NT SERVICE\TrustedInstaller RW NT AUTHORITY\SYSTEM RW BUILTIN\Administrators
NetBT e-Fatura - Privilege Escalation
Description
NetBT e-Fatura - Privilege Escalation
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The NetBT e-Fatura application has a privilege escalation vulnerability identified as CVE-2025-14018, caused by an unquoted search path or element (CWE-428). This allows local attackers to place malicious executables in a directory path that the InboxProcessor service loads, which runs with LocalSystem privileges. Because the directory 'C:\inetpub\wwwroot\InboxProcessor\' is writable by standard users, an attacker can replace or insert malicious binaries that will be executed with elevated privileges when the service starts. The vulnerability was confirmed on version 2024 of the software running on Windows Server 2019 DC. Exploit code is publicly available in text format.
Potential Impact
An unauthorized local user can gain elevated privileges on the affected system by exploiting this vulnerability, potentially allowing full control over the system under the LocalSystem account. This can lead to complete compromise of the host, unauthorized access to sensitive data, and disruption of services.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict write permissions to the directory 'C:\inetpub\wwwroot\InboxProcessor\' to prevent unauthorized modification. Avoid running the InboxProcessor service with LocalSystem privileges if possible, or apply least privilege principles. Monitor for any suspicious activity related to this service. Follow updates from the vendor at https://net-bt.com.tr/e-fatura/ for official patches or mitigations.
Technical Details
- Edb Id
- 52509
- Has Exploit Code
- true
- Code Language
- text
Indicators of Compromise
Exploit Source Code
Exploit code for NetBT e-Fatura - Privilege Escalation
# Exploit Title: NetBT e-Fatura - Privilege Escalation # Author: Seccops # Discovery Date: 2025-10-03 # Vendor: https://net-bt.com.tr/e-fatura/ # Tested Version: 2024 # Tested on OS: Microsoft Windows Server 2019 DC # Vulnerability Type: CWE-428 Unquoted Search Path or Element # CVE: CVE-2025-14018 Note: Thanks "Levent Sungu" for providing the testing environment. ==================== Description & Impact ==================== This vulnerability allows an unauthorized local user to execute arbi... (979 more characters)
Threat ID: 69da14bc1cc7ad14da6c87be
Added to database: 4/11/2026, 9:30:36 AM
Last enriched: 4/11/2026, 9:30:40 AM
Last updated: 4/11/2026, 3:36:52 PM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.