What is CVE-2019-25471?

CVE-2019-25471 is a critical-severity vulnerability in Filethingie, classified under Path Traversal. CVSS score: 9.8/10. Published 2026-03-11.

How severe is CVE-2019-25471?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Path Traversal in Filethingie

CVE-2019-25471

FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files by sending ZIP archives through the ft2.php endpoint. Attackers can upload ZIP files containing PHP shells, use the unzip fun…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.009 (75.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Filethingie — versions 2.5.7

Weakness classification (CWE)

CWE-22 — Path Traversal

References

ExploitDB-47349 (exploit)
Product Reference (product)
VulnCheck Advisory: FileThingie 2.5.7 Arbitrary File Upload via ft2.php (third-party-advisory)

Frequently asked questions

What is CVE-2019-25471?: CVE-2019-25471 is a critical-severity vulnerability in Filethingie, classified under Path Traversal. CVSS score: 9.8/10. Published 2026-03-11.
How severe is CVE-2019-25471?: Critical severity. CVSS v3 base score is 9.8 out of 10.