CVE-2019-25255

Summary

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows attackers to execute system commands with root privileges. Attackers can exploit the vulnerability through a cross-site request forgery (CSRF) mechanism to gain unauthorized system access.

Affected Software

VendorProductVersion RangeStatus
VideoFlow Ltd.VideoFlow Digital Video Protection DVP2.10affected
VideoFlow Ltd.VideoFlow Digital Video Protection DVP1.40.0.15affected
VideoFlow Ltd.VideoFlow Digital Video Protection DVP2.10.0.5affected

Weaknesses

  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References