CVE-2019-25709 -- CVSS 9.8 Vulnerability Briefing
CVE-2019-25709 | CVSS 9.8 (Critical) | Exploit: No known exploit
What Is It
CVE-2019-25709 is an unauthenticated sensitive data exposure vulnerability in CF Image Hosting Script version 1.6.5, affecting the application's database file stored in a publicly accessible web directory.
Technical Detail
The flaw exists because the application stores its SQLite database file, imgdb.db, in the upload/data directory without access controls, making it directly retrievable by any unauthenticated remote user via a standard HTTP GET request. An attacker can download and decode this file to extract sensitive application data, including credentials, delete tokens, and other stored records. The impact is unauthorized disclosure of the full application database, which may enable further attacks such as account takeover or content manipulation depending on what credentials or tokens are recovered.
Exploitation Status
No known public exploit code has been confirmed for this vulnerability at this time, and it is not listed in the CISA Known Exploited Vulnerabilities catalog. The attack vector is trivially simple, requiring only an HTTP request to a predictable file path, which lowers the practical barrier to exploitation even without a formal exploit tool.
Who Is Targeting This
No specific threat actor attribution at this time. Given the low complexity of exploitation and the nature of the exposed data, opportunistic attackers scanning for exposed database files represent the most likely threat profile, but no confirmed campaigns or attributed actors have been identified.
What To Do
Operators running CF Image Hosting Script 1.6.5 should immediately restrict direct web access to the upload/data directory by adding appropriate server-level access controls, such as an .htaccess deny rule on Apache or an equivalent location block on Nginx, to prevent direct retrieval of the imgdb.db file. If a patched version of the application is available, upgrade immediately. Administrators should audit web server access logs for requests to the upload/data/imgdb.db path to determine whether unauthorized access has already occurred. If the database has been exposed, all stored credentials and tokens should be treated as compromised and rotated accordingly.
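The access-log audit described above can be scripted. The following is an added example, not part of the original briefing or of CF Image Hosting Script; it assumes the Apache/Nginx "combined" log format, and the sample log lines and helper names (normalise, audit) are constructed for illustration. It separates requests that actually returned the database body from requests that were denied or returned no content.

```python
import re
from urllib.parse import unquote

# Path from the advisory; matched as a suffix so sub-directory installs are covered.
DB_SUFFIX = "/upload/data/imgdb.db"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# Constructed sample lines (documentation IP ranges), combined log format assumed.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /upload/data/imgdb.db HTTP/1.1" 200 28672 "-" "curl/8.0"',
    '198.51.100.4 - - [12/Mar/2024:10:05:00 +0000] "GET /img/upload/data/%69mgdb.db?x=1 HTTP/1.1" 200 28672 "-" "-"',
    '192.0.2.9 - - [13/Mar/2024:08:00:00 +0000] "GET /upload/data/imgdb.db HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.9 - - [13/Mar/2024:08:00:05 +0000] "HEAD /upload//data/./imgdb.db HTTP/1.1" 200 - "-" "-"',
    '192.0.2.50 - - [13/Mar/2024:09:00:00 +0000] "GET /upload/abc.png HTTP/1.1" 200 5120 "-" "-"',
]

def normalise(target):
    """Drop query/fragment, decode percent-escapes, collapse // and dot segments."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    parts = []
    for seg in path.split("/"):
        if seg == ".." and parts:
            parts.pop()
        elif seg not in ("", ".", ".."):
            parts.append(seg)
    return "/" + "/".join(parts)

def audit(lines):
    """Return (exposed, probes): hits that returned the file body vs. all other hits."""
    exposed, probes = [], []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not normalise(m["target"]).lower().endswith(DB_SUFFIX):
            continue
        hit = {"ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
               "bytes": 0 if m["size"] == "-" else int(m["size"])}
        # 200/206 with a non-empty body means database content left the server.
        if hit["status"] in (200, 206) and hit["bytes"] > 0:
            exposed.append(hit)
        else:
            probes.append(hit)
    return exposed, probes

if __name__ == "__main__":
    exposed, probes = audit(SAMPLE_LOG)
    for h in exposed:
        print("EXPOSED", h["ip"], h["time"], h["bytes"], "bytes")
    print(len(probes), "request(s) to the path returned no file body")
```

Any entry in the exposed list is grounds for treating stored credentials and tokens as compromised; entries in the probes list after the access control is in place confirm that the deny rule is taking effect.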