What is the CVSS score of CVE-2019-25441?

CVE-2019-25441 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 3.4%.

Which versions of Thesystem are affected by CVE-2019-25441?

An unauthenticated remote code execution vulnerability in thesystem 1.0 allows attackers to execute arbitrary commands on affected systems with no authentication required.

Is there a public PoC exploit available for CVE-2019-25441?

Yes, a public proof-of-concept exploit is available for CVE-2019-25441. Prioritise patching immediately. EPSS: 3.4%.

How to fix or mitigate CVE-2019-25441?

Within 24 hours: Inventory all instances of thesystem 1.0 in production and development environments and immediately isolate or take offline any instances exposed to untrusted networks. Within 7 days: Implement emergency compensating controls (network segmentation, WAF rules blocking run_command endpoint, access restrictions) and begin evaluation of alternative solutions or vendor communication for patch timeline. Within 30 days: Deploy replacement software or establish long-term mitigation strategy; conduct forensic analysis of logs for evidence of exploitation.

Thesystem CVE-2019-25441

CRITICAL

OS Command Injection (CWE-78)

2026-02-20 disclosure@vulncheck.com

Command Injection Thesystem

9.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:04 vuln.today

PoC Detected

Mar 12, 2026 - 16:12 vuln.today

Public exploit code

CVE Published

Feb 20, 2026 - 23:16 nvd

CRITICAL 9.8

DescriptionCVE.org

thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run_command endpoint. Attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on the server without authentication.

AnalysisAI

Unauthenticated command injection in thesystem 1.0. EPSS 3.4%. PoC available.

Technical ContextAI

CWE-78.

RemediationAI

Apply patch.

CVE-2019-25441 vulnerability details – vuln.today

Back

Thesystem CVE-2019-25441

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code