CVE-2019-25468 CRITICAL

CVE-2019-25468: NetGain EM Plus 10.1.68 Remote Code Execution via script_test.jsp

Vendor Netgain Systems
Product NetGain EM Plus
Weakness CWE-94 · Code injection
Published March 11, 2026
Last update April 7, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious parameters to the script_test.jsp endpoint. Attackers can send POST requests with shell commands embedded in the 'content' parameter to execute code and retrieve command output.

Key dates

02Disclosure timeline

March 11, 2026 CVE published
April 7, 2026 Record updated