Cyber Resilience

CVE-2019-25465

HighPublic PoC

Published: 11 March 2026

Published
11 March 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0050 39.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2019-25465 is a high-severity Password in Configuration File (CWE-260) vulnerability. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001); ranked at the 39.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-6 (Configuration Settings).

Deeper analysis

Hisilicon HiIpcam V100R003 is affected by CVE-2019-25465, a directory traversal vulnerability (CWE-260) in the cgi-bin directory that enables directory listing. This flaw allows unauthenticated attackers to access sensitive configuration files, including through the getadslattr.cgi endpoint, which exposes ADSL credentials and network configuration parameters such as usernames, passwords, and DNS settings. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with no integrity or availability disruption.

Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required. By sending crafted requests to the vulnerable endpoint, attackers gain unauthorized access to configuration data, potentially enabling further network reconnaissance, credential reuse, or lateral movement within the target's infrastructure.

Advisories from VulnCheck detail the information disclosure via directory traversal, while Exploit-DB hosts a proof-of-concept exploit (ID 47405) demonstrating the issue. No patch or mitigation details are specified in available references.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. Attackers can request the getadslattr.cgi endpoint to retrieve ADSL credentials and network configuration parameters including…

more

usernames, passwords, and DNS settings.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
T1083 File and Directory Discovery Discovery
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

Directory traversal enables direct file/directory access and exposure of credentials in config files on a public-facing device.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Validates inputs to vulnerable CGI endpoints like getadslattr.cgi to block directory traversal sequences accessing sensitive configuration files.

prevent

Enforces logical access controls to prevent unauthenticated attackers from reaching sensitive files through cgi-bin directory traversal.

prevent

Mandates secure web server configuration settings to disable directory listing and restrict access to endpoints exposing ADSL credentials and network parameters.

References