CVE-2019-25643 — Vulnetix

Try Vulnetix Request Demo

CVE-2019-25643 PUBLISHED CVSS 8.800000190734863 HIGH

In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel

EPSS 0.07% · 20.9th percentile

Risk Scores

CVSS v4.0

8.800000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS Score

0.07%

20.9th percentile

Affected Products

Vendor	Product	Versions
n/a	Android	Android kernel
Endonesia	eNdonesia Portal	8.7, 8.7, 8.7

Timeline

Oct 14, 2020 CVE Published
Mar 24, 2026 EPSS Score
Mar 24, 2026 PoC Published
Mar 25, 2026 EPSS Score
Mar 29, 2026 Security Advisory
Apr 1, 2026 Security Advisory
Apr 1, 2026 Security Advisory

References

ExploitDB-46559 exploit
Official Product Homepage url
Product Reference url
VulnCheck Advisory: eNdonesia Portal v8.7 SQL Injection via banners.php third-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2019-25643 advisory
https://sourceforge.net/projects/endonesia url
http://www.endonesia.org url
https://www.suse.com/support/update/announcement/2020/suse-su-20202904-1/ advisory
https://www.suse.com/support/update/announcement/2020/suse-su-20202906-1/ advisory
https://www.suse.com/support/update/announcement/2020/suse-su-20202908-1/ advisory
https://www.suse.com/support/update/announcement/2020/suse-su-20202907-1/ advisory
https://www.suse.com/support/update/announcement/2020/suse-su-20202905-1/ advisory
https://source.android.com/security/bulletin/2020-09-01 url
openSUSE-SU-2020:1586 vendor-advisory
openSUSE-SU-2020:1655 vendor-advisory
https://www.oracle.com/security-alerts/cpujul2022.html url

Open in Interactive Console →