CVE-2019-25245

HIGH

Ross Video DashBoard 8.5.1 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25245. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit describes an insecure permissions vulnerability in Ross Video DashBoard 8.5.1, where authenticated users can modify or replace the executable due to improper ACLs granting 'Modify' or 'Change' permissions to the 'Authenticated Users' group.

Description

Ross Video DashBoard 8.5.1 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files due to improper permission settings. Attackers can exploit the 'M' or 'C' flags for 'Authenticated Users' group to replace the DashBoard.exe binary with a malicious executable.

Exploits (1)

exploitdb WRITEUP
by LiquidWorm · textlocalwindows
https://www.exploit-db.com/exploits/46742

The exploit describes an insecure permissions vulnerability in Ross Video DashBoard 8.5.1, where authenticated users can modify or replace the executable due to improper ACLs granting 'Modify' or 'Change' permissions to the 'Authenticated Users' group.

Classification
Writeup 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Ross Video DashBoard 8.5.1
Auth required
Prerequisites: Authenticated access to the system · Local file system access
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Various Sources product
https://www.rossvideo.com
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/46742
Third Party Advisory third-party-advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5516.php

Scores

CVSS v3 8.8
EPSS 0.0020
EPSS Percentile 10.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-732
Status published
Products (1)
Ross Video Ltd./DashBoard 8.5.1
Published Dec 24, 2025
Tracked Since Feb 18, 2026