What is the CVSS score of CVE-2019-25472?

CVE-2019-25472 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Is there a public PoC exploit available for CVE-2019-25472?

Yes, a public proof-of-concept exploit is available for CVE-2019-25472. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2019-25472?

Within 24 hours: Identify all IntelBras TIP200/TIP200 LITE devices in your environment and isolate them from untrusted networks; document their locations and configurations. Within 7 days: Implement network segmentation to restrict external access to these devices; monitor for suspicious cgiServer.exx requests in firewall and proxy logs. Within 30 days: Contact IntelBras for patch availability and timeline; evaluate replacement options or deploy WAF rules blocking the dumpConfigFile endpoint if patch timeline is unacceptable.

CVE-2019-25472

HIGH

External Control of File Name or Path (CWE-73)

2026-03-11 disclosure@vulncheck.com

Information Disclosure

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:07 vuln.today

PoC Detected

Mar 12, 2026 - 21:08 vuln.today

Public exploit code

CVE Published

Mar 11, 2026 - 19:16 nvd

HIGH 7.5

DescriptionCVE.org

IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing dumpConfigFile() to read sensitive files including /etc/shadow and configuration files without proper authorization.

AnalysisAI

IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. [CVSS 7.5 HIGH]

Technical ContextAI

Affected ProductsAI

Component: dumpConfigFile.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2019-25472 vulnerability details – vuln.today

Back

CVE-2019-25472

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code