What is CVE-2019-25470?

CVE-2019-25470 is a high-severity vulnerability in Ewon, classified under Use of Hard-coded Credentials. CVSS score: 7.5/10. Published 2026-03-11.

How severe is CVE-2019-25470?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Ewon

CVE-2019-25470

eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /w…

EPSS: 0.001 (27.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Ewon — versions 12.2 <= 13.0

Weakness classification (CWE)

CWE-798 — Use of Hard-coded Credentials

References

ExploitDB-47380 (exploit)
Official Product Homepage (product)
VulnCheck Advisory: eWON Firmware 12.2-13.0 Authentication Bypass via wsdReadForm (third-party-advisory)

Frequently asked questions

What is CVE-2019-25470?: CVE-2019-25470 is a high-severity vulnerability in Ewon, classified under Use of Hard-coded Credentials. CVSS score: 7.5/10. Published 2026-03-11.
How severe is CVE-2019-25470?: High severity. CVSS v3 base score is 7.5 out of 10.