CVE-2019-25278

MEDIUM 5.9

FaceSentry Access Control System 6.4.8 Authentication Credentials MiTM Disclosure

CVSS Score

5.9

EPSS Score

0.0%

EPSS Percentile

0th

FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication.

CWE	CWE-319
Vendor	iwt ltd.
Product	facesentry access control system
Published	Jan 7, 2026
Last Updated	Feb 18, 2026

Stay Ahead of the Next One

Get instant alerts for iwt ltd. facesentry access control system

Be the first to know when new medium vulnerabilities affecting iwt ltd. facesentry access control system are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

iWT Ltd. / FaceSentry Access Control System

6.4.8 build 264 5.7.2 build 568 5.7.0 build 539

References

NVD ↗ CVE.org ↗ EPSS Data ↗

zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5528.php packetstormsecurity.com: https://packetstormsecurity.com/files/153498 exchange.xforce.ibmcloud.com: https://exchange.xforce.ibmcloud.com/vulnerabilities/163192

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab