CVE-2019-25257

MEDIUM

LogicalDOC Enterprise 7.7.4 - Command Injection

Description

LogicalDOC Enterprise 7.7.4 contains multiple OS command execution vulnerabilities that allow authenticated attackers to manipulate binary paths when changing system settings. By modifying configuration parameters such as antivirus.command, ocr.Tesseract.path, and other system paths, attackers can execute arbitrary system commands with elevated privileges.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · text · webapps · java
https://www.exploit-db.com/exploits/44021

Scores

CVSS v3 6.5
EPSS 0.0007
EPSS Percentile 21.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-426
Status draft

Timeline

Published Dec 24, 2025
Tracked Since Feb 18, 2026