CVE-2019-25256

Publication date

2025-12-24 19:28:05

Family

VulnCheck

State

PUBLISHED

Description

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated ID parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by manipulating directory path traversal in download requests.