CVE-2019-25256 HIGH

CVE-2019-25256: VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal

Vendor Videoflow Ltd.
Product Digital Video Protection DVP
Weakness CWE-22 · Path traversal
Published December 24, 2025
Last update December 24, 2025

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by manipulating directory path traversal in download requests.

Key dates

02Disclosure timeline

December 24, 2025 CVE published
December 24, 2025 Record updated