CVE-2019-25257

EUVD-2025-205293
LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command, ocr.Tesseract.path, and other system paths to execute arbitrary system commands with elevated privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
VulnCheckCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
logicaldoclogicaldoc
7.7.4
CNA
logicaldoclogicaldoc
7.7.3
CNA
logicaldoclogicaldoc
7.7.2
CNA
logicaldoclogicaldoc
7.7.1
CNA
logicaldoclogicaldoc
7.6.4
CNA
logicaldoclogicaldoc
7.6.2
CNA
logicaldoclogicaldoc
7.5.1
CNA
logicaldoclogicaldoc
7.4.2
CNA
logicaldoclogicaldoc
7.1.1
CNA
Common Weakness Enumeration
References
https://www.exploit-db.com/exploits/44021
https://www.logicaldoc.com
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5452.php
https://www.exploit-db.com/exploits/44021
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5452.php