CVE-2019-25255

MEDIUM

VideoFlow DVP 2.10 - Authenticated RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25255. PoCs published by LiquidWorm.

AI-analyzed exploit summary This is a vulnerability writeup describing an authenticated remote code execution flaw in VideoFlow Digital Video Protection DVP 10. It includes details about default credentials, hard-coded SSH credentials, and a demonstration of root shell access via the device's web interface.

Description

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows attackers to execute system commands with root privileges. Attackers can exploit the vulnerability through a cross-site request forgery (CSRF) mechanism to gain unauthorized system access.

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/44387

View Code ZIP pw:eip

This is a vulnerability writeup describing an authenticated remote code execution flaw in VideoFlow Digital Video Protection DVP 10. It includes details about default credentials, hard-coded SSH credentials, and a demonstration of root shell access via the device's web interface.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: VideoFlow Digital Video Protection DVP 10 (versions 2.10, 1.6.0.2, and others)

Auth required

Prerequisites: Valid credentials (default or hard-coded) · Access to the web management interface

MITRE ATT&CK

T1078 - Valid Accounts T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/44387

Various Sources product

http://www.video-flow.com

Third Party Advisory third-party-advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5455.php

Scores

CVSS v3 4.3

EPSS 0.0038

EPSS Percentile 29.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (3)

VideoFlow Ltd./VideoFlow Digital Video Protection DVP 1.40.0.15

VideoFlow Ltd./VideoFlow Digital Video Protection DVP 2.10

VideoFlow Ltd./VideoFlow Digital Video Protection DVP 2.10.0.5

Published Dec 24, 2025

Tracked Since Feb 18, 2026