VDB
CVE-2019-25643
CVE-2019-25643
PUBLISHED
CVSS 8.800000190734863 HIGH
In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel
EPSS 0.05% · 16.3th percentile
Risk Scores
CVSS 4.0
8.800000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.05%
16.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | Android | Android kernel |
| Endonesia | eNdonesia Portal | 8.7, 8.7, 8.7 |
Exploit Intelligence
- https://source.android.com/security/bulletin/2020-09-01 (circl)
- openSUSE-SU-2020:1586 (circl)
- openSUSE-SU-2020:1655 (circl)
- https://www.oracle.com/security-alerts/cpujul2022.html (circl)
- CIRCL seen: CVE-2019-25643 (circl-sighting)
- Official Product Homepage (circl)
- Product Reference (circl)
- VulnCheck Advisory: eNdonesia Portal v8.7 SQL Injection via banners.php (circl)
- ExploitDB-46559 (cve.org)
Timeline
- Oct 14, 2020 CVE Published
- Mar 24, 2026 EPSS Score
- Mar 24, 2026 PoC Published
- Mar 25, 2026 EPSS Score
- Mar 29, 2026 Security Advisory
- Apr 1, 2026 Security Advisory
- Apr 1, 2026 Security Advisory
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
References
- ExploitDB-46559 exploit
- Official Product Homepage url
- Product Reference url
- VulnCheck Advisory: eNdonesia Portal v8.7 SQL Injection via banners.php third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-25643 advisory
- https://sourceforge.net/projects/endonesia url
- http://www.endonesia.org url
- https://www.suse.com/support/update/announcement/2020/suse-su-20202904-1/ advisory
- https://www.suse.com/support/update/announcement/2020/suse-su-20202906-1/ advisory
- https://www.suse.com/support/update/announcement/2020/suse-su-20202908-1/ advisory
- https://www.suse.com/support/update/announcement/2020/suse-su-20202907-1/ advisory
- https://www.suse.com/support/update/announcement/2020/suse-su-20202905-1/ advisory
- https://source.android.com/security/bulletin/2020-09-01 url
- openSUSE-SU-2020:1586 vendor-advisory
- openSUSE-SU-2020:1655 vendor-advisory
- https://www.oracle.com/security-alerts/cpujul2022.html url