CVE-2018-25311 HIGH

CVE-2018-25311: VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal

Vendor Videoflow Ltd.
Product VideoFlow Digital Video Protection
Weakness CWE-22 · Path traversal
Published April 29, 2026
Last update May 26, 2026

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl, download_xml.pl, download.pl, downloadmib.pl, or downloadFile.pl with directory traversal payloads to read sensitive system files like /etc/passwd.
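For triage, the following added example (not part of the CVE record or vendor code) scans web access logs for requests to the five named scripts whose ID parameter decodes to a `..` path segment. The combined log format, the `/PLACEHOLDER/` URL prefix and the sample lines are constructed assumptions; the record does not give the scripts' location.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script names come from the advisory text; the URL prefix is not
# given there, so matching is on the basename only.
SCRIPTS = {"downloadsys.pl", "download_xml.pl", "download.pl",
           "downloadmib.pl", "downloadFile.pl"}
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so nested encodings normalise to one form."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the decoded value contains a '..' path segment."""
    return ".." in re.split(r"[\\/]", fully_decode(value))

def suspicious_requests(log_lines):
    """Return (line_number, script, id_value) for traversal in the ID parameter."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        script = url.path.rsplit("/", 1)[-1]
        if script not in SCRIPTS:
            continue
        for key, val in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() == "id" and is_traversal(val):
                hits.append((n, script, val))
    return hits

# Constructed sample lines (assumed combined log format, placeholder prefix).
SAMPLE_LOG = [
    '192.0.2.10 - admin [01/Jan/2024:10:00:00 +0000] "GET /PLACEHOLDER/download.pl?ID=report.txt HTTP/1.1" 200 512',
    '192.0.2.11 - user1 [01/Jan/2024:10:00:05 +0000] "GET /PLACEHOLDER/downloadsys.pl?ID=../../../../etc/passwd HTTP/1.1" 200 1843',
    '192.0.2.11 - user1 [01/Jan/2024:10:00:09 +0000] "GET /PLACEHOLDER/downloadFile.pl?ID=..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1843',
    '192.0.2.12 - user2 [01/Jan/2024:10:00:12 +0000] "GET /PLACEHOLDER/index.pl?ID=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Because the flaw requires valid credentials, each hit should be correlated with the authenticated account and source address in the same log line.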

Key dates

02 Disclosure timeline

April 29, 2026 CVE published
May 26, 2026 Record updated