Cyber Resilience

CVE-2019-25279

MediumPublic PoC

Published: 08 January 2026

Published
08 January 2026
Modified
16 January 2026
KEV Added
Patch
CVSS Score v4 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0006 17.4th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2019-25279 is a medium-severity Cleartext Storage of Sensitive Information (CWE-312) vulnerability in Iwt Facesentry Access Control System Firmware. Its CVSS base score is 6.8 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001); ranked at the 17.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-28 (Protection of Information at Rest).

Deeper analysis

CVE-2019-25279 is a cleartext password storage vulnerability (CWE-312) affecting the FaceSentry Access Control System version 6.4.8. The issue resides in the device's SQLite database at /faceGuard/database/FaceSentryWeb.sqlite, where sensitive login credentials are stored without encryption, allowing direct access to unencrypted information.

Attackers can exploit this vulnerability remotely over the network with low complexity, no privileges, and no user interaction required, as indicated by its CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Successful exploitation enables reading of plaintext credentials from the database without additional authentication, potentially granting unauthorized access to the system or related resources.

Advisories referenced in IBM X-Force Exchange (https://exchange.xforce.ibmcloud.com/vulnerabilities/163190), Packet Storm Security (https://packetstormsecurity.com/files/153501), and Zero Science Lab (https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5529.php) document the vulnerability details but do not specify patches or mitigations in the provided information.

EU & UK References

Vulnerability details

FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the device's SQLite database. Attackers can directly read sensitive login information stored in /faceGuard/database/FaceSentryWeb.sqlite without additional authentication.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

Direct cleartext credential storage in a local SQLite database file enables reading of unsecured credentials from files.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2019-25243Same product: Iwt Facesentry Access Control System
CVE-2019-25241Same product: Iwt Facesentry Access Control System
CVE-2025-26495Shared CWE-312
CVE-2025-22896Shared CWE-312
CVE-2025-12774Shared CWE-312
CVE-2024-55027Shared CWE-312
CVE-2024-23942Shared CWE-312
CVE-2026-27520Shared CWE-312
CVE-2026-8596Shared CWE-312
CVE-2026-34833Shared CWE-312

Affected Assets

iwt
facesentry access control system firmware
5.7.0, 5.7.2, 6.4.8

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Mandates confidentiality protections for sensitive information at rest, directly preventing unauthorized disclosure of cleartext credentials stored in the SQLite database.

prevent

Requires protection of authenticator content from unauthorized disclosure, addressing the insecure storage of plaintext login credentials.

prevent

Enforces approved authorizations for logical access to the database file, mitigating direct reading of unencrypted credentials without authentication.

References