CVE-2019-25610

| EUVD-2019-19961 HIGH
2026-03-22 VulnCheck GHSA-f42w-655x-jc67
Path Traversal
7.1
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Re-analysis Queued
Apr 16, 2026 - 16:22 vuln.today
cvss_changed
Severity Changed
Apr 16, 2026 - 16:22 NVD
MEDIUM HIGH
CVSS Changed
Apr 16, 2026 - 16:22 NVD
6.5 (MEDIUM) 7.1 (HIGH)
PoC Detected
Mar 23, 2026 - 14:31 vuln.today
Public exploit code
Analysis Generated
Mar 22, 2026 - 13:45 vuln.today
EUVD ID Assigned
Mar 22, 2026 - 13:45 euvd
EUVD-2019-19961
CVE Published
Mar 22, 2026 - 13:38 nvd
MEDIUM 6.5

DescriptionNVD

NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attackers can manipulate the path parameter with base64-encoded payloads containing ../ sequences to bypass authorization and retrieve sensitive system files like /etc/shadow.

AnalysisAI

NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences.

Technical ContextAI

Path traversal allows an attacker to access files outside the intended directory by manipulating file paths with sequences like '../'.

RemediationAI

Validate and sanitize file path inputs. Use a whitelist of allowed files or directories. Implement chroot jails or containerization.

Share

CVE-2019-25610 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy