CVE-2019-25351 | THREATINT

Description

Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the vulnerability by supplying crafted parameters to download sensitive files like /etc/passwd using curl and wget requests.

PUBLISHED Reserved 2026-02-13 | Published 2026-02-18 | Updated 2026-02-19 | Assigner VulnCheck

HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Missing Authorization

Product status

3.2.11

affected

Credits

DroidU finder

References

www.exploit-db.com/exploits/47669 (ExploitDB-47669) exploit

centova.com (Centova Cast Official Website) product

www.vulncheck.com/...es/centova-cast-arbitrary-file-download (VulnCheck Advisory: Centova Cast 3.2.11 - Arbitrary File Download) third-party-advisory

cve.org (CVE-2019-25351)

nvd.nist.gov (CVE-2019-25351)

Download JSON