CVE-2019-25240

CriticalPublic PoC

Published: 24 December 2025

Published

24 December 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0013 31.9th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web Viewer module by specifying channel numbers to retrieve sequential video snapshots without authentication.

Mitigating Controls (NIST 800-53 r5)AI

AC-14 Permitted Actions Without Identification or Authentication good match

prevent

Directly identifies and restricts critical actions like retrieving video snapshots via animate.cgi that are permitted without identification or authentication, countering the missing authentication vulnerability.

AC-3 Access Enforcement good match

prevent

Enforces approved authorizations requiring authentication for access to live video streams through the vulnerable Mobile Web Viewer script.

SC-14 Public Access Protections good match

prevent

Implements deny-by-default public access protections for exposed web endpoints like animate.cgi, preventing unauthenticated remote exploitation of video streams.

Security SummaryAI

CVE-2019-25240 is an unauthenticated vulnerability in the Rifatron 5brid DVR, specifically affecting the animate.cgi script within the Mobile Web Viewer module. This flaw allows attackers to access live video streams by specifying channel numbers to retrieve sequential video snapshots without any authentication, violating CWE-306 (Missing Authentication for Critical Function). The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its remote, low-complexity exploitation potential with high impacts on confidentiality, integrity, and availability.

Any network-accessible attacker can exploit this vulnerability without privileges or user interaction, simply by sending crafted requests to the animate.cgi endpoint with channel parameters. Successful exploitation grants unauthorized viewing of live video feeds from the DVR's channels, potentially exposing sensitive surveillance footage.

Advisories and proof-of-concept exploits are documented in references including the vendor site at http://www.rifatron.com, Exploit-DB at https://www.exploit-db.com/exploits/47368, and Zero Science Labs at https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5532.php, which provide further details on the issue though specific mitigation or patch guidance is not detailed in the CVE record.

Details

CWE(s): CWE-306

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

The vulnerability allows unauthenticated remote access to live video streams via a public-facing web CGI script, directly enabling exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

http://www.rifatron.com
disclosure@vulncheck.com
https://www.exploit-db.com/exploits/47368
disclosure@vulncheck.com
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5532.php
disclosure@vulncheck.com
https://www.exploit-db.com/exploits/47368
134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5532.php
134c704f-9b21-4f2e-91b3-4a467353bcc0