Ross Video DashBoard 8.5.1 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files due to improper permission settings. Attackers can exploit the 'M' or 'C' flags for 'Authenticated Users' group to replace the DashBoard.exe binary with a malicious executable.
PUBLISHED5.2CWE-732
Ross Video DashBoard 8.5.1 Privilege Escalation via Insecure Permissions
Problem type
Affected products
Ross Video Ltd.
DashBoard
8.5.1 - AFFECTED
References
ExploitDB-46742
https://www.exploit-db.com/exploits/46742
Ross Video Official Product Homepage
https://www.rossvideo.com
Zero Science Lab Disclosure (ZSL-2019-5516)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5516.php
GitHub Security Advisories
GHSA-qmhc-vf98-cwmf
Ross Video DashBoard 8.5.1 contains an elevation of privileges vulnerability that allows...
https://github.com/advisories/GHSA-qmhc-vf98-cwmfRoss Video DashBoard 8.5.1 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files due to improper permission settings. Attackers can exploit the 'M' or 'C' flags for 'Authenticated Users' group to replace the DashBoard.exe binary with a malicious executable.
JSON source
https://cveawg.mitre.org/api/cve/CVE-2019-25245Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2019-25245",
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"dateUpdated": "2025-12-24T20:22:52.203Z",
"dateReserved": "2025-12-24T14:27:12.476Z",
"datePublished": "2025-12-24T19:27:59.816Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck",
"dateUpdated": "2025-12-24T19:27:59.816Z"
},
"datePublic": "2019-04-23T00:00:00.000Z",
"title": "Ross Video DashBoard 8.5.1 Privilege Escalation via Insecure Permissions",
"descriptions": [
{
"lang": "en",
"value": "Ross Video DashBoard 8.5.1 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files due to improper permission settings. Attackers can exploit the 'M' or 'C' flags for 'Authenticated Users' group to replace the DashBoard.exe binary with a malicious executable."
}
],
"affected": [
{
"vendor": "Ross Video Ltd.",
"product": "DashBoard",
"versions": [
{
"version": "8.5.1",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.exploit-db.com/exploits/46742",
"name": "ExploitDB-46742",
"tags": [
"exploit"
]
},
{
"url": "https://www.rossvideo.com",
"name": "Ross Video Official Product Homepage",
"tags": [
"product"
]
},
{
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5516.php",
"name": "Zero Science Lab Disclosure (ZSL-2019-5516)",
"tags": [
"third-party-advisory"
]
}
],
"metrics": [
{
"format": "CVSS"
},
{
"format": "CVSS",
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
}
],
"credits": [
{
"lang": "en",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab",
"type": "finder"
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-12-24T20:22:52.203Z"
},
"title": "CISA ADP Vulnrichment",
"references": [
{
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5516.php",
"tags": [
"exploit"
]
}
],
"metrics": [
{}
]
}
]
}
}