CVE-2024-58315

Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the service startup process by inserting malicious code in the system root path, enabling unauthorized code execution during application startup or system reboot.

CVSS v3 8.4 HIGH

8.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://packetstormsecurity.com/files/177260/	Third Party Advisory
https://www.tosi.net/	Product
https://www.vulncheck.com/advisories/tosibox-key-service-local-privilege-escalation-via-unquoted-service-path	Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5812.php	Third Party Advisory Exploit
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5812.php	Third Party Advisory Exploit

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:tosi:tosibox_key:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

09 Jan 2026, 22:02

Type	Values Removed	Values Added
References	~~() https://packetstormsecurity.com/files/177260/ -~~	() https://packetstormsecurity.com/files/177260/ - Third Party Advisory
References	~~() https://www.tosi.net/ -~~	() https://www.tosi.net/ - Product
References	~~() https://www.vulncheck.com/advisories/tosibox-key-service-local-privilege-escalation-via-unquoted-service-path -~~	() https://www.vulncheck.com/advisories/tosibox-key-service-local-privilege-escalation-via-unquoted-service-path - Third Party Advisory
References	~~() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5812.php -~~	() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5812.php - Third Party Advisory, Exploit
CPE		cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:tosi:tosibox_key::::::::
First Time		Tosi Microsoft windows Microsoft Tosi tosibox Key

02 Jan 2026, 15:15

Type	Values Removed	Values Added
References	~~() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5812.php -~~	() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5812.php -

30 Dec 2025, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-30 23:15

Updated : 2026-01-09 22:02

NVD link : CVE-2024-58315

Mitre link : CVE-2024-58315

CVE.ORG link : CVE-2024-58315

JSON object : View

Products Affected

tosi

tosibox_key

microsoft

windows

CWE

CWE-428

Unquoted Search Path or Element

8.4 /10