CVE-2019-25257

MEDIUM

LogicalDOC Enterprise 7.7.4 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25257. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates authenticated command execution in LogicalDOC Enterprise by manipulating binary paths in settings. It includes multiple PoCs for RCE via antivirus, OCR, and other system commands.

Description

LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command, ocr.Tesseract.path, and other system paths to execute arbitrary system commands with elevated privileges.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · textwebappsjava
https://www.exploit-db.com/exploits/44021

This exploit demonstrates authenticated command execution in LogicalDOC Enterprise by manipulating binary paths in settings. It includes multiple PoCs for RCE via antivirus, OCR, and other system commands.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: LogicalDOC Enterprise 7.7.4 and earlier
Auth required
Prerequisites: Authenticated access to LogicalDOC · Ability to modify system settings
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/44021
Various Sources product
https://www.logicaldoc.com
Third Party Advisory third-party-advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5452.php

Scores

CVSS v3 6.5
EPSS 0.0035
EPSS Percentile 26.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-426
Status published
Products (9)
LogicalDOC Srl/LogicalDOC Enterprise 7.1.1
LogicalDOC Srl/LogicalDOC Enterprise 7.4.2
LogicalDOC Srl/LogicalDOC Enterprise 7.5.1
LogicalDOC Srl/LogicalDOC Enterprise 7.6.2
LogicalDOC Srl/LogicalDOC Enterprise 7.6.4
LogicalDOC Srl/LogicalDOC Enterprise 7.7.1
LogicalDOC Srl/LogicalDOC Enterprise 7.7.2
LogicalDOC Srl/LogicalDOC Enterprise 7.7.3
LogicalDOC Srl/LogicalDOC Enterprise 7.7.4
Published Dec 24, 2025
Tracked Since Feb 18, 2026