Is there a public PoC exploit available for CVE-2019-25608?

Yes, a public proof-of-concept exploit is available for CVE-2019-25608. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2019-25608?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

CVE-2019-25608

Q: What is the CVSS score of CVE-2019-25608?

CVE-2019-25608 has a CVSS 4.0 base score of 8.6 (High). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2019-19957 HIGH

.NET Misconfiguration: Use of Impersonation (CWE-520)

2026-03-22 VulnCheck

GHSA-25hq-fgwv-mq8p

Privilege Escalation RCE

8.6

CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 16, 2026 - 16:22 vuln.today

cvss_changed

CVSS changed

Apr 16, 2026 - 16:22 NVD

8.4 (HIGH) 8.6 (HIGH)

PoC Detected

Mar 23, 2026 - 14:31 vuln.today

Public exploit code

EUVD ID Assigned

Mar 22, 2026 - 13:45 euvd

EUVD-2019-19957

Analysis Generated

Mar 22, 2026 - 13:45 vuln.today

CVE Published

Mar 22, 2026 - 13:38 nvd

HIGH 8.4

DescriptionNVD

Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations, which run with the privileges of the Iperius Backup Service account (Local System or Administrator), enabling privilege escalation and arbitrary code execution.

AnalysisAI

Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs.

Technical ContextAI

Remote code execution allows an attacker to run arbitrary commands or code on the target system over a network without prior authentication. This vulnerability is classified as .NET Misconfiguration: Use of Impersonation (CWE-520).

RemediationAI

Apply vendor patches immediately. Restrict network access to vulnerable services. Implement network segmentation and monitoring for anomalous activity.

CVE-2019-25608 vulnerability details – vuln.today

Back

CVE-2019-25608

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

CVE-2019-25608

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code