CVE-2020-37100

low-risk

Published 2026-02-03

Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the service startup process.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (1)

Syncbreeze

Affected Vendors

Flexense

References (3)

Product http://www.syncbreeze.com

Exploit https://www.exploit-db.com/exploits/48045

Third Party Advisory https://www.vulncheck.com/advisories/sync-breeze-enterprise-unquoted-service-pat...

/ 100

low-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal