CVE-2019-25256

MEDIUM

VideoFlow Digital Video Protection DVP 2.10 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25256. PoCs published by LiquidWorm.

AI-analyzed exploit summary: This exploit demonstrates an authenticated directory traversal vulnerability in VideoFlow Digital Video Protection DVP 10. The 'ID' parameter in multiple Perl scripts is not properly sanitized, allowing arbitrary file disclosure via path traversal sequences.

Description

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Multiple Perl scripts, such as downloadsys.pl, are affected: an attacker can read sensitive files by supplying directory traversal sequences in download requests.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · text · webapps · perl
https://www.exploit-db.com/exploits/44386


Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: VideoFlow Digital Video Protection DVP 10 (version 2.10, X-Prototype-Version: 1.6.0.2)
Auth required
Prerequisites: Authenticated session (valid session cookie) · Network access to the target system
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/44386
Various Sources product
http://www.video-flow.com
Third Party Advisory third-party-advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5454.php

Scores

CVSS v3 6.5
EPSS 0.0054
EPSS Percentile 41.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-22
Status published
Products (3)
VideoFlow Ltd./Digital Video Protection DVP 1.40.0.15
VideoFlow Ltd./Digital Video Protection DVP 2.10
VideoFlow Ltd./Digital Video Protection DVP 2.10.0.5
Published Dec 24, 2025
Tracked Since Feb 18, 2026