What is GHSA-r472-vxph-wqrf?

GHSA-r472-vxph-wqrf is a security advisory published by GitHub Security Advisories with High severity. Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service...

Which CVE IDs does GHSA-r472-vxph-wqrf cover?

GHSA-r472-vxph-wqrf covers the following CVE IDs: CVE-2020-37231. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-r472-vxph-wqrf?

GHSA-r472-vxph-wqrf has a CVSS v3 base score of 7.8, published by GitHub Security Advisories.

GHSA-r472-vxph-wqrfHighCVSS 7.8

Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service...

Vendor

GitHub Security Advisories

Published

May 16, 2026

Last Modified

May 16, 2026

🔗 CVE IDs covered (1)

CVE-2020-37231 →

📋 Description

Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Attackers can place malicious executables in the unquoted path directories to execute arbitrary code with LocalSystem privileges during service startup or system reboot.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2020-37231
https://www.cybertronsoft.com
https://www.cybertronsoft.com/download/privacy-drive-setup.exe
https://www.exploit-db.com/exploits/49023
https://www.vulncheck.com/advisories/privacy-drive-unquoted-service-path-privilege-escalation
https://github.com/advisories/GHSA-r472-vxph-wqrf