CVE-2019-25255 HIGH

CVE-2019-25255: VideoFlow Digital Video Protection DVP 2.10 Authenticated Remote Code Execution

Vendor Videoflow Ltd.
Product VideoFlow Digital Video Protection DVP
Weakness CWE-78
Published December 24, 2025
Last update December 24, 2025
View on NVD All CVEs

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows attackers to execute system commands with root privileges. Attackers can exploit the vulnerability through a cross-site request forgery (CSRF) mechanism to gain unauthorized system access.

Key dates

02Disclosure timeline

December 24, 2025 CVE published
December 24, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-41497 Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI CVE-2025-46422 CVE-2024-43652 Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station CVE-2023-21411 Non-sanitized user input could lead to arbitrary code execution during Access Control configuration in AXIS License Plate Verifier CVE-2026-27806 Fleet Affected by Local Privilege Escalation via Tcl Command Injection in Orbit