CVE-2019-25256

MEDIUM

VideoFlow Digital Video Protection DVP 2.10 - Path Traversal

Title source: llm

Description

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can abuse multiple Perl scripts, such as downloadsys.pl, to read sensitive files by supplying directory traversal sequences in download requests.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · text · webapps · perl
https://www.exploit-db.com/exploits/44386

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/44386
Various Sources product
http://www.video-flow.com
Third Party Advisory third-party-advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5454.php

Scores

CVSS v3 6.5
EPSS 0.0071
EPSS Percentile 72.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (3)
VideoFlow Ltd./Digital Video Protection DVP 1.40.0.15
VideoFlow Ltd./Digital Video Protection DVP 2.10
VideoFlow Ltd./Digital Video Protection DVP 2.10.0.5
Published Dec 24, 2025
Tracked Since Feb 18, 2026