High severity8.8NVD Advisory· Published Feb 18, 2026· Updated Apr 15, 2026

CVE-2019-25351

Description

Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the vulnerability by supplying crafted parameters to download sensitive files like /etc/passwd using curl and wget requests.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

centova.comnvd
www.exploit-db.com/exploits/47669nvd
www.vulncheck.com/advisories/centova-cast-arbitrary-file-downloadnvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000