Platform: other
Component: netgain-em-plus
Fixed in: 10.1.69
CVE-2019-25468 is a critical Remote Code Execution (RCE) vulnerability discovered in NetGain EM Plus. This vulnerability allows unauthenticated attackers to execute arbitrary system commands, potentially leading to complete system compromise. It affects versions 10.1.68–10.1.68, and a patch is available from the vendor.
The vulnerability lies within the script_test.jsp endpoint, which lacks proper input validation. An attacker can craft malicious POST requests that embed shell commands in the 'content' parameter. On submission, these commands are executed on the server, giving the attacker arbitrary command execution on the host. This can lead to data theft, system takeover, and further lateral movement within the network. The lack of authentication makes this vulnerability particularly dangerous, as any external user who can reach the endpoint can potentially exploit it.
This vulnerability is considered highly exploitable: the request is simple to construct and no authentication is required. Public proof-of-concept (POC) code is likely to emerge, increasing the risk of widespread exploitation. While no active campaigns have been publicly confirmed, the vulnerability's severity warrants immediate attention. It was published on 2026-03-11.
Exploit Status:
EPSS: 0.29% (52nd percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation is to upgrade to a patched version of NetGain EM Plus as soon as possible. If immediate patching is not feasible, consider implementing temporary workarounds such as restricting access to the scripttest.jsp endpoint using a Web Application Firewall (WAF) or proxy server. Configure the WAF to block POST requests to this endpoint with suspicious content in the 'content' parameter. Monitor access logs for unusual activity and investigate any suspicious POST requests targeting scripttest.jsp. After upgrading, confirm the vulnerability is resolved by attempting a test POST request with a benign command and verifying that it is not executed.
Update NetGain EM Plus to a patched version. Refer to the vendor's documentation or website for specific instructions on how to apply the update and mitigate the vulnerability.
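As an added example (not code from the advisory or from the vendor), the two checks the mitigation section asks for, in Python: a version comparison against the fixed release, and a scan of web-server access logs for POST requests to the vulnerable endpoint. Both spellings that appear on this page (script_test.jsp and scripttest.jsp) are matched; the log lines and the combined-log-format regex are constructed assumptions.

```python
import re
from typing import List, Tuple

# Endpoint names as they appear in the advisory text (both spellings are on the page).
SUSPECT_ENDPOINTS = ("script_test.jsp", "scripttest.jsp")
FIXED_VERSION = (10, 1, 69)  # "Fixed in" release from the advisory

# Assumed Apache/nginx combined log format:
# ip - user [time] "METHOD path HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def parse_version(v: str) -> Tuple[int, ...]:
    return tuple(int(x) for x in v.strip().split("."))

def is_affected(version: str) -> bool:
    """True if the installed version is older than the fixed release."""
    return parse_version(version) < FIXED_VERSION

def find_suspect_requests(log_lines: List[str]) -> List[dict]:
    """Return POST requests whose path targets the vulnerable endpoint.

    Matching is case-insensitive and ignores any query string, so
    /ScriptTest.jsp?x=1 is still flagged. Access logs do not record the
    request body, so the 'content' parameter itself cannot be inspected here."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m.group("path").split("?", 1)[0].lower()
        if m.group("method") == "POST" and path.endswith(SUSPECT_ENDPOINTS):
            hits.append({"ip": m.group("ip"), "time": m.group("time"),
                         "path": m.group("path"), "status": int(m.group("status"))})
    return hits

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [11/Mar/2026:10:02:31 +0000] "GET /index.jsp HTTP/1.1" 200 5120',
    '203.0.113.7 - - [11/Mar/2026:10:02:35 +0000] "POST /script_test.jsp HTTP/1.1" 200 88',
    '198.51.100.4 - - [11/Mar/2026:10:03:00 +0000] "GET /scripttest.jsp HTTP/1.1" 200 310',
    '198.51.100.4 - - [11/Mar/2026:10:03:02 +0000] "POST /ScriptTest.jsp?x=1 HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    print("10.1.68 affected:", is_affected("10.1.68"))  # True
    for hit in find_suspect_requests(SAMPLE_LOG):      # two POST hits, GETs ignored
        print(hit)
```

Because the body is not logged, treat every hit as worth investigating and leave inspection of the 'content' parameter to the WAF or proxy rule.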
CVE-2019-25468 is a critical Remote Code Execution vulnerability in NetGain EM Plus versions 10.1.68–10.1.68, allowing unauthenticated attackers to execute system commands.
If you are running NetGain EM Plus version 10.1.68–10.1.68, you are potentially affected by this vulnerability. Check your version and upgrade immediately.
The recommended fix is to upgrade to a patched version of NetGain EM Plus. If patching is not immediately possible, implement WAF rules to block malicious requests.
While no active campaigns have been publicly confirmed, the vulnerability's severity and ease of exploitation suggest a high risk of exploitation.
Refer to the NetGain EM Plus security advisories on their official website for the latest information and patch details.