CVE-2018-25311
Published: 29 April 2026
Summary
CVE-2018-25311 is a high-severity Path Traversal (CWE-22) vulnerability in Zeroscience (inferred from references). Its CVSS base score is 7.1 (High).
Operationally, ranked in the top 30.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-21832
Vulnerability details
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl, download_xml.pl, download.pl, downloadmib.pl,…
more
or downloadFile.pl with directory traversal payloads to read sensitive system files like /etc/passwd.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.