Cyber Resilience

CVE-2019-25472

High · Public PoC

Published: 11 March 2026
Modified: 12 March 2026
CVSS Score v4: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0030 (21.6th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2019-25472 is a high-severity External Control of File Name or Path (CWE-73) vulnerability in Intelbras (inferred from references). Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 21.6th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2019-25472 is an unauthenticated arbitrary file read vulnerability affecting IntelBras Telefone IP TIP200 and 200 LITE devices. The issue resides in the dumpConfigFile function, which is exposed via the cgiServer.exx endpoint without proper authorization checks. Attackers can exploit this by sending unauthenticated GET requests to /cgi-bin/cgiServer.exx with a command parameter set to dumpConfigFile(), enabling the retrieval of sensitive files such as /etc/shadow and device configuration files. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and is associated with CWE-73.

Any remote attacker with network access to the affected device can exploit this vulnerability without authentication, privileges, or user interaction. Successful exploitation allows the attacker to read arbitrary files, potentially exposing hashed passwords from /etc/shadow, administrative credentials, and other configuration data stored on the device. This high confidentiality impact can facilitate further attacks, such as credential theft for lateral movement or privilege escalation within the network.

Advisories and related resources include an IntelBras integration document, a proof-of-concept exploit on Exploit-DB (ID 47337), and a Vulncheck advisory detailing the arbitrary file read via dumpConfigFile. These references provide technical details and exploitation demonstrations but do not specify patches or mitigations in the available information.
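One way to look for the request described above in access logs, as an added example (not code from the advisory or the vendor). It assumes the phones' HTTP traffic crosses a proxy or sensor that writes combined-format access logs; the log lines, addresses, arguments and the `exampleStatus` command name are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: a proxy or sensor in front of the phones writes combined-format logs.
LOG_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
ENDPOINT = "/cgi-bin/cgiserver.exx"  # endpoint named in the advisory, lower-cased
FUNCTION = "dumpconfigfile"          # function named in the advisory, lower-cased

# Constructed sample lines; addresses, arguments and "exampleStatus" are made up.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2026:10:01:02 +0000] "GET /cgi-bin/cgiServer.exx'
    '?command=dumpConfigFile(EXAMPLE) HTTP/1.1" 200 1843',
    '198.51.100.7 - - [12/Mar/2026:10:01:09 +0000] "GET /cgi-bin/cgiServer.exx'
    '?command=%2564umpConfigFile(EXAMPLE) HTTP/1.1" 403 0',
    '192.0.2.20 - - [12/Mar/2026:10:02:00 +0000] "GET /cgi-bin/cgiServer.exx'
    '?command=exampleStatus() HTTP/1.1" 200 52',
    '192.0.2.20 - - [12/Mar/2026:10:02:05 +0000] "GET /index.html HTTP/1.1" 200 911',
]

def fully_unquote(value, rounds=3):
    """Undo nested percent-encoding (such as %2564) up to a bounded depth."""
    for _ in range(rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def find_dump_requests(lines):
    """Return one finding per logged request that calls dumpConfigFile.

    data_returned is True for a 2xx response with a body, which suggests
    file content left the device.
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        parts = urlsplit(m["target"]) if m else None
        if not parts or fully_unquote(parts.path).lower() != ENDPOINT:
            continue
        commands = [fully_unquote(v)
                    for key, vals in parse_qs(parts.query).items()
                    if key.lower() == "command" for v in vals]
        if not any(FUNCTION in c.lower() for c in commands):
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        findings.append({"src": m["src"], "time": m["ts"],
                         "status": int(m["status"]), "bytes": size,
                         "data_returned": m["status"].startswith("2") and size > 0})
    return findings
```

Findings with `data_returned` set are the ones to triage first, since credentials stored on that device should then be treated as exposed.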

Vulnerability details

IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing dumpConfigFile() to read sensitive files including /etc/shadow and configuration files without proper authorization.

CWE(s)

CWE-73 External Control of File Name or Path

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1552.001 Credentials In Files (Credential Access)
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

T1003.008 /etc/passwd and /etc/shadow (Credential Access)
Adversaries may attempt to dump the contents of /etc/passwd and /etc/shadow to enable offline password cracking.

Why these techniques?

Unauthenticated arbitrary file read via public CGI endpoint directly enables T1190 exploitation and T1005/T1552.001/T1003.008 file/credential access on /etc/shadow.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-53912 (Shared CWE-73)
CVE-2025-0211 (Shared CWE-73)
CVE-2026-33354 (Shared CWE-73)
CVE-2024-12036 (Shared CWE-73)
CVE-2026-29611 (Shared CWE-73)
CVE-2026-29962 (Shared CWE-73)
CVE-2026-5210 (Shared CWE-73)
CVE-2026-8043 (Shared CWE-73)
CVE-2026-43891 (Shared CWE-73)
CVE-2025-65473 (Shared CWE-73)

Affected Assets

Intelbras
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Enforces approved authorizations for access to the dumpConfigFile function via the cgiServer.exx endpoint, preventing unauthenticated arbitrary file reads.

Prevent: Limits and documents specific actions permitted without identification or authentication, prohibiting unauthenticated access to sensitive file-reading functions like dumpConfigFile.

Prevent: Validates inputs to the command parameter in cgiServer.exx requests to block arbitrary file paths or malicious commands in dumpConfigFile.
