CVE-2019-25238

MEDIUM

V-SOL GPON/EPON OLT Platform 2.03 - CSRF

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25238. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates a Cross-Site Request Forgery (CSRF) vulnerability in V-SOL GPON/EPON OLT Platform versions up to 2.03. It includes two HTML forms that, when visited by an authenticated user, can add an admin user or enable SSH on the target device without user interaction.

Description

V-SOL GPON/EPON OLT Platform 2.03 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to create admin users, enable SSH, or modify system settings by tricking authenticated administrators into loading a specially crafted page.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · textwebappshardware
https://www.exploit-db.com/exploits/47434

This exploit demonstrates a Cross-Site Request Forgery (CSRF) vulnerability in V-SOL GPON/EPON OLT Platform versions up to 2.03. It includes two HTML forms that, when visited by an authenticated user, can add an admin user or enable SSH on the target device without user interaction.

Classification
Working Poc 100%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: V-SOL GPON/EPON OLT Platform (versions V2.03.62R_IPv6 and below)
Auth required
Prerequisites: Authenticated user session on the target device · Victim must visit a malicious webpage hosting the CSRF form
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Various Sources product
https://www.vsolcn.com
Third Party Advisory third-party-advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5536.php
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/47434

Scores

CVSS v3 4.3
EPSS 0.0014
EPSS Percentile 4.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-352
Status published
Products (1)
Guangzhou V-SOLUTION Electronic Technology Co., Ltd./SOL GPON/EPON OLT Platform 2.03
Published Dec 24, 2025
Tracked Since Feb 18, 2026