
CVE-2019-25355

Severity: High · Public PoC available

Published: 18 February 2026
Modified: 26 February 2026
CVSS Score v4: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0121 (64.4th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2019-25355 is a high-severity Path Traversal (CWE-22) vulnerability in Genivia gSOAP. Its CVSS v4 base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 35.6% of CVEs by exploit likelihood (EPSS), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2019-25355 is a directory traversal vulnerability (CWE-22) affecting gSOAP 2.8, a toolkit for developing SOAP/XML web services. The flaw lets unauthenticated attackers read files outside the intended document root by sending crafted HTTP GET requests whose path contains multiple '../' sequences; /etc/passwd is the example cited in the advisory. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N): network-reachable, low attack complexity, no privileges or user interaction required, and high confidentiality impact with no integrity or availability impact.

Unauthenticated remote attackers can exploit this vulnerability over the network without privileges or user interaction. By sending specially crafted GET requests to a vulnerable gSOAP 2.8 instance, they can traverse directories and read arbitrary files on the server, potentially exposing sensitive configuration data, credentials, or user information.

Advisories and related resources include a proof-of-concept exploit on Exploit-DB (https://www.exploit-db.com/exploits/47653), the vendor's gSOAP product page (https://www.genivia.com/products.html#gsoap), the Genivia website (https://www.genivia.com/), and a VulnCheck advisory (https://www.vulncheck.com/advisories/genivia-gsoap-gsoap-path-traversal). These references provide further details on the issue, though specific patch information is not detailed in the CVE description.


Vulnerability details

gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive files like /etc/passwd by sending crafted GET requests with multiple '../' directory traversal sequences.

CWE(s)

CWE-22 Path Traversal

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Why these techniques?

Directory traversal in a public-facing gSOAP web service directly enables remote exploitation of the application (T1190) and arbitrary local file reads such as /etc/passwd (T1005).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-66687 (shared CWE-22)
CVE-2025-26753 (shared CWE-22)
CVE-2025-44177 (shared CWE-22)
CVE-2023-42226 (shared CWE-22)
CVE-2026-39859 (shared CWE-22)
CVE-2024-55457 (shared CWE-22)
CVE-2025-8343 (shared CWE-22)
CVE-2026-23939 (shared CWE-22)
CVE-2025-27098 (shared CWE-22)
CVE-2025-69411 (shared CWE-22)

Affected Assets

Vendor: genivia
Product: gsoap
Version: 2.8.0

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

SI-2 Flaw Remediation (prevent)
Directly mitigates CVE-2019-25355 by identifying, prioritizing, and remediating the directory traversal flaw in gSOAP 2.8 through patching or upgrades.

SI-10 Information Input Validation (prevent)
Validates and sanitizes HTTP GET request paths to block malicious directory traversal sequences like multiple '../' before processing.

Boundary Protection (prevent, detect)
Enforces boundary protection at web service interfaces to monitor and block crafted HTTP requests exploiting path traversal.
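The input-validation control above says that request paths must be checked before they reach the filesystem, and the analysis earlier on this page describes the failure it guards against: a GET path with repeated '../' resolving to a file such as /etc/passwd. The following C routine is an added example written for this page; it is not gSOAP's own code nor the fix shipped by Genivia. It maps a raw HTTP request path onto a document root and rejects any request that would climb above that root, handling the plain '../' form from the analysis plus the percent-encoded, backslash-separated and NUL-truncation variants that a naive substring check would miss. The document root and the sample request strings in main() are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_PATH_LEN 1024
#define MAX_SEGS     128

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Percent-decode `in` into `out`. Rejects malformed %XX escapes and any
   decoded NUL byte (a NUL would silently truncate the path handed to the
   OS). Returns 0 on success, -1 on rejection. */
static int url_decode(const char *in, char *out, size_t outsz) {
    size_t n = 0;
    for (const char *p = in; *p; p++) {
        int c = (unsigned char)*p;
        if (c == '%') {
            int hi = hexval((unsigned char)p[1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)p[2]);
            if (lo < 0) return -1;
            c = hi * 16 + lo;
            p += 2;
        }
        if (c == 0 || n + 1 >= outsz) return -1;
        out[n++] = (char)c;
    }
    out[n] = '\0';
    return 0;
}

/* Map a raw HTTP request path onto a filesystem path under `docroot`.
   Decoding happens first, so "%2e%2e" is seen as ".."; the query string is
   dropped; backslashes count as separators; "." is skipped and ".." pops
   the previous segment. A ".." with nothing left to pop would escape the
   document root, so the request is rejected rather than clamped: a probe
   should produce an error the server can log, not a quiet "not found".
   Returns 0 and fills `out` on success, -1 on rejection. Symlinks inside
   docroot are not resolved here. */
int resolve_request_path(const char *docroot, const char *request,
                         char *out, size_t outsz) {
    char decoded[MAX_PATH_LEN];
    const char *segs[MAX_SEGS];
    size_t lens[MAX_SEGS];
    int depth = 0;

    if (url_decode(request, decoded, sizeof decoded) != 0) return -1;
    char *q = strchr(decoded, '?');
    if (q) *q = '\0';
    for (char *p = decoded; *p; p++) if (*p == '\\') *p = '/';

    for (char *p = decoded; *p; ) {
        while (*p == '/') p++;                 /* collapse repeated slashes */
        if (!*p) break;
        const char *start = p;
        while (*p && *p != '/') p++;
        size_t len = (size_t)(p - start);
        if (len == 1 && start[0] == '.') continue;
        if (len == 2 && start[0] == '.' && start[1] == '.') {
            if (depth == 0) return -1;         /* would climb above docroot */
            depth--;
            continue;
        }
        if (depth >= MAX_SEGS) return -1;
        segs[depth] = start; lens[depth] = len; depth++;
    }

    size_t n = strlen(docroot);
    while (n > 1 && docroot[n - 1] == '/') n--; /* drop trailing slashes */
    if (n + 1 >= outsz) return -1;
    memcpy(out, docroot, n);
    for (int i = 0; i < depth; i++) {
        if (n + 1 + lens[i] + 1 > outsz) return -1;
        out[n++] = '/';
        memcpy(out + n, segs[i], lens[i]);
        n += lens[i];
    }
    out[n] = '\0';
    return 0;
}

/* 1 if `request` resolves to exactly `expected` under `docroot`, else 0. */
int resolves_to(const char *docroot, const char *request, const char *expected) {
    char out[MAX_PATH_LEN];
    if (resolve_request_path(docroot, request, out, sizeof out) != 0) return 0;
    return strcmp(out, expected) == 0;
}

/* 1 if `request` is rejected under `docroot`, else 0. */
int request_rejected(const char *docroot, const char *request) {
    char out[MAX_PATH_LEN];
    return resolve_request_path(docroot, request, out, sizeof out) != 0;
}

int main(void) {
    /* Constructed sample requests: one legitimate WSDL fetch, then traversal
       probes in plain, percent-encoded, backslash and NUL-truncation forms. */
    const char *docroot = "/srv/www";
    const char *reqs[] = {
        "/soap/wsdl/service.wsdl", "/../../../../etc/passwd",
        "/%2e%2e/%2e%2e/etc/passwd", "/static/..%5c..%5cetc/passwd",
        "/index.html%00.wsdl",
    };
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++) {
        char out[MAX_PATH_LEN];
        int rc = resolve_request_path(docroot, reqs[i], out, sizeof out);
        printf("%-32s -> %s\n", reqs[i], rc == 0 ? out : "REJECTED");
    }
    return 0;
}
```

Two design choices matter for detection as well as prevention. First, rejecting on ".." underflow instead of clamping to the root means a traversal probe yields a 4xx that boundary-protection monitoring can count, rather than a 404 that blends in with ordinary misses. Second, decoding before segment analysis is what closes the encoded variants; checking the raw string for the literal "../" would pass "%2e%2e%2f" straight through.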
