CVE-2019-25257 – LogicalDOC Enterprise 7.7.4 Authenticated Command Execution via Binary Path Manipulation

CVE ID : CVE-2019-25257

Published : Dec. 24, 2025, 7:28 p.m. | 53 minutes ago

Description : LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command, ocr.Tesseract.path, and other system paths to execute arbitrary system commands with elevated privileges.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…