CVE-2018-19410 Paessler CVE debrief

Who should care

Organizations that run Paessler PRTG Network Monitor, along with vulnerability management, patching, and incident response teams responsible for that product.

Technical summary

The supplied official record identifies the issue as a local file inclusion vulnerability in Paessler PRTG Network Monitor. CISA’s KEV entry marks it as known exploited, with a due date of 2025-02-25 for remediation actions. The corpus does not provide CVSS scoring or additional exploit details, so defensive action should be driven by the KEV listing and vendor guidance referenced by CISA.

Defensive priority

Immediate priority for affected deployments because the issue is listed in CISA’s Known Exploited Vulnerabilities catalog.

Recommended defensive actions

• Inventory all Paessler PRTG Network Monitor installations and confirm whether any are affected.
• Apply vendor mitigations referenced by CISA and Paessler as soon as possible.
• If mitigations are unavailable or ineffective, discontinue use of the product per CISA guidance.
• Track remediation against the CISA KEV due date of 2025-02-25.
• Include this CVE in vulnerability management and incident response monitoring because KEV listing indicates known exploitation.

Evidence notes

CISA’s KEV source metadata names the vulnerability as a Paessler PRTG Network Monitor local file inclusion issue, with dateAdded 2025-02-04, dueDate 2025-02-25, and requiredAction instructing organizations to apply vendor mitigations or discontinue use if mitigations are unavailable. The same source notes reference the Paessler product history page and the NVD detail page. The supplied corpus does not include a CVSS score.

Official resources