Cyber Resilience

CVE-2019-25483

High · Public PoC

Published: 11 March 2026

Modified: 15 April 2026
KEV Added:
Patch:
CVSS Score v4: 8.6 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0013 (2.8th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2019-25483 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). The CVE ranks at the 2.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2019-25483 is a restricted shell escape vulnerability affecting the Comtrend AR-5310 router with firmware version GE31-412SSG-C01_R10.A2pG039u.d24k. The flaw enables local users to bypass command restrictions by leveraging the command substitution operator $( ) to inject arbitrary commands. This occurs when such syntax is passed as arguments to permitted commands like ping, resulting in unrestricted shell access. The vulnerability carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-306 (Missing Authentication for Critical Function).

The attack requires local access to the device but no privileges (PR:N), so any local user can exploit it. An attacker places the $( ) operator inside the arguments of an allowed command, and the restricted shell executes the substituted command instead of treating it as data. Successful exploitation gives unrestricted shell access, with high impact on confidentiality, integrity, and availability.

Advisories such as the VulnCheck report (https://www.vulncheck.com/advisories/comtrend-ar-5310-ge31-412ssg-c01-r10-a2pg039u-d24k-restricted-shell-escape) detail the vulnerability, and a proof-of-concept exploit is publicly available on Exploit-DB (https://www.exploit-db.com/exploits/47149). No patches or specific mitigation guidance are mentioned in the provided references.

Vulnerability details

Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $( ). Attackers can inject arbitrary commands through the $( ) syntax when passed as arguments to allowed commands like ping to execute unrestricted shell access.

Related Threats

MITRE ATT&CK Enterprise Techniques · AI

T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.

T1202 Indirect Command Execution (Stealth)
Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.

Why these techniques?

Direct restricted Unix shell escape via command substitution enables arbitrary command execution (T1059.004) and indirect command execution through permitted utilities (T1202).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2023-54344 · Shared CWE-306
CVE-2023-54342 · Shared CWE-306
CVE-2025-52089 · Shared CWE-306
CVE-2026-39987 · Shared CWE-306
CVE-2026-35546 · Shared CWE-306
CVE-2025-27020 · Shared CWE-306
CVE-2018-25224 · Shared CWE-306
CVE-2025-12548 · Shared CWE-306
CVE-2026-4810 · Shared CWE-306
CVE-2025-59695 · Shared CWE-306

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly validates and sanitizes command arguments to allowed utilities like ping, preventing injection of command substitution $( ) that enables shell escapes.

prevent

Enforces strict access control policies in the restricted shell to block unauthorized command execution beyond permitted functions.

prevent

Applies least privilege to local users and shell processes, limiting the scope and impact of any successful command injection escapes.
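
The first control above (validating arguments to allowed utilities such as ping) can be sketched as follows. This is an added example, not Comtrend firmware code or code from the referenced advisories; the function names, the /bin/ping path and the premise that the restricted shell previously handed the argument string to a shell are assumptions.

```c
#include <ctype.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Accept only what a hostname or IP literal can contain: letters, digits,
 * '.', ':' and '-'. Shell metacharacters such as '$', '(', ')', '`', ';',
 * '|', '&' and whitespace are rejected because they are not on the list. */
int valid_ping_target(const char *s)
{
    size_t n = s ? strlen(s) : 0;

    /* Empty, over-long, or option-like (leading '-') input is refused. */
    if (n == 0 || n > 253 || s[0] == '-')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '.' && c != ':' && c != '-')
            return 0;
    }
    return 1;
}

/* Run ping with the target as a single argv element. No shell parses the
 * string, so substitution syntax would reach ping as literal text even if
 * validation were skipped. PING_PATH is an assumed location. */
#define PING_PATH "/bin/ping"

int run_ping(const char *target)
{
    int status;
    pid_t pid;

    if (!valid_ping_target(target))
        return -1;                  /* rejected before any process starts */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "ping", "-c", "1", (char *)target, NULL };
        execv(PING_PATH, argv);
        _exit(127);                 /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The allowlist and the shell-free exec are independent layers: either one alone stops the substitution from being evaluated, and together they also block option injection through a leading '-'.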