Cyber Resilience

CVE-2019-25468

Critical · Public PoC · RCE

Published: 11 March 2026
Modified: 15 April 2026
KEV Added:
Patch:
CVSS Score v4: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0076 (50.4th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2019-25468 is a critical-severity Code Injection (CWE-94) vulnerability in a Netgain Systems product (vendor inferred from references). Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 49.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-14 (Public Access Protections) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2019-25468 is a remote code execution vulnerability affecting NetGain EM Plus version 10.1.68. The issue lies in the script_test.jsp endpoint, which processes POST requests insecurely. Unauthenticated attackers can submit malicious parameters, embedding arbitrary shell commands in the 'content' parameter, leading to command execution and retrieval of output. This flaw is classified under CWE-94 (Code Injection) with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

The attack scenario targets systems exposing the script_test.jsp endpoint over the network. Unauthenticated remote attackers require no privileges, user interaction, or special access, making exploitation straightforward via crafted POST requests. Successful attacks allow full remote code execution, providing high-impact compromise of confidentiality, integrity, and availability, such as running system commands to escalate control over the affected NetGain EM Plus instance.

References include a VulnCheck advisory detailing the remote code execution via script_test.jsp, an Exploit-DB proof-of-concept (exploit ID 47391), and the vendor site at netgain-systems.com. These sources confirm the vulnerability's mechanics and public exploit availability but do not specify patch details or mitigation steps in the provided information.
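A log-triage check for the exposure described above, added here as an example and not taken from the advisory, the vendor or the referenced PoC: it scans combined-format web access logs for requests whose path ends in script_test.jsp and groups them by source address. The log format, the `/app/` path prefix and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Common/combined log format: host ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
ENDPOINT = "script_test.jsp"  # endpoint named in the advisory


def hits_endpoint(target: str) -> bool:
    """True if the last path segment of the request target is script_test.jsp."""
    path = unquote(urlsplit(target).path)   # drop the query string, decode %xx
    segment = path.rsplit("/", 1)[-1]
    segment = segment.split(";", 1)[0]      # drop servlet path params (;jsessionid=...)
    return segment.lower() == ENDPOINT


def triage(lines):
    """Group requests to the endpoint by source; POST is the method the advisory names."""
    report = defaultdict(lambda: {"post": 0, "other": 0, "post_2xx": 0, "first": None})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not hits_endpoint(m["target"]):
            continue
        entry = report[m["src"]]
        entry["first"] = entry["first"] or m["ts"]
        if m["method"] == "POST":
            entry["post"] += 1
            entry["post_2xx"] += m["status"].startswith("2")  # server accepted the POST
        else:
            entry["other"] += 1
    return dict(report)


# Constructed sample log lines (documentation IP ranges, assumed /app/ prefix).
SAMPLE = [
    '198.51.100.7 - - [12/Mar/2026:09:14:02 +0000] "POST /app/script_test.jsp HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.7 - - [12/Mar/2026:09:14:09 +0000] "POST /app/Script_Test.jsp;jsessionid=ABC123?x=1 HTTP/1.1" 200 98 "-" "-"',
    '203.0.113.9 - - [12/Mar/2026:09:20:11 +0000] "GET /app/%73cript_test.jsp HTTP/1.1" 404 0 "-" "-"',
    '192.0.2.4 - - [12/Mar/2026:09:21:40 +0000] "GET /app/login.jsp HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.4 - - [12/Mar/2026:09:22:03 +0000] "POST /app/script_test.jsp.bak HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for src, entry in triage(SAMPLE).items():
        print(src, entry)
```

Any source with a non-zero `post_2xx` count warrants review of the host, since the advisory describes the endpoint as reachable without authentication.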

Vulnerability details

NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious parameters to the script_test.jsp endpoint. Attackers can send POST requests with shell commands embedded in the 'content' parameter to execute code and retrieve command output.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059 Command and Scripting Interpreter (Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

Unauthenticated RCE via command injection in a public-facing web endpoint (script_test.jsp) directly enables T1190 (Exploit Public-Facing Application) and facilitates arbitrary system command execution (T1059 Command and Scripting Interpreter).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-26045: Shared CWE-94
CVE-2024-11600: Shared CWE-94
CVE-2025-67979: Shared CWE-94
CVE-2025-6000: Shared CWE-94
CVE-2024-54756: Shared CWE-94
CVE-2026-42898: Shared CWE-94
CVE-2025-71281: Shared CWE-94
CVE-2025-70830: Shared CWE-94
CVE-2024-55022: Shared CWE-94
CVE-2025-22906: Shared CWE-94

Affected Assets

Netgain Systems
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly prevents code injection attacks by validating and sanitizing the 'content' parameter submitted to the script_test.jsp endpoint.

prevent

Remediates the specific remote code execution flaw in NetGain EM Plus 10.1.68 by identifying, prioritizing, and applying patches or fixes.

prevent

Protects the publicly accessible script_test.jsp endpoint from unauthorized unauthenticated access and exploitation via enforced security measures.
