CVE-2019-25351

HIGH 8.8

Centova Cast 3.2.11 - Arbitrary File Download

CVSS Score

8.8

EPSS Score

0.0%

EPSS Percentile

0th

Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the vulnerability by supplying crafted parameters to download sensitive files like /etc/passwd using curl and wget requests.

CWE	CWE-862
Vendor	centova technologies inc.
Product	centova cast
Published	Feb 18, 2026
Last Updated	Feb 19, 2026

Stay Ahead of the Next One

Get instant alerts for centova technologies inc. centova cast

Be the first to know when new high vulnerabilities affecting centova technologies inc. centova cast are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Centova Technologies Inc. / Centova Cast

3.2.11

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/47669 centova.com: https://centova.com vulncheck.com: https://www.vulncheck.com/advisories/centova-cast-arbitrary-file-download

Credits

DroidU