CVE-2019-25257
Published: 24 December 2025
Summary
CVE-2019-25257 is a high-severity Untrusted Search Path (CWE-426) vulnerability in Zeroscience (inferred from references). Its CVSS base score is 8.7 (High).
Operationally, ranked at the 26.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other Platforms; in the Supply Chain and Deployment risk domain.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-205293
Vulnerability details
LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command, ocr.Tesseract.path, and other system paths to execute arbitrary…
more
system commands with elevated privileges.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Other Platforms
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: tesseract
Related Threats
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.