System	Score	Found at
cvssv3	9.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-25038.json
epss	0.00738	https://api.first.org/data/v1/epss?cve=CVE-2019-25038
epss	0.00738	https://api.first.org/data/v1/epss?cve=CVE-2019-25038
epss	0.00738	https://api.first.org/data/v1/epss?cve=CVE-2019-25038
epss	0.00738	https://api.first.org/data/v1/epss?cve=CVE-2019-25038
epss	0.00738	https://api.first.org/data/v1/epss?cve=CVE-2019-25038
epss	0.00738	https://api.first.org/data/v1/epss?cve=CVE-2019-25038
epss	0.00738	https://api.first.org/data/v1/epss?cve=CVE-2019-25038
epss	0.00738	https://api.first.org/data/v1/epss?cve=CVE-2019-25038
epss	0.00738	https://api.first.org/data/v1/epss?cve=CVE-2019-25038
cvssv3.1	5.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc	Track	https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html
ssvc	Track	https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
ssvc	Track	https://security.netapp.com/advisory/ntap-20210507-0007/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-25038.json
		https://api.first.org/data/v1/epss?cve=CVE-2019-25038
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25038
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1954796		https://bugzilla.redhat.com/show_bug.cgi?id=1954796
msg00007.html		https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html
ntap-20210507-0007		https://security.netapp.com/advisory/ntap-20210507-0007/
our-audit-of-unbound-dns-by-x41-d-sec-full-results		https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
RHSA-2021:1853		https://access.redhat.com/errata/RHSA-2021:1853
RHSA-2022:0632		https://access.redhat.com/errata/RHSA-2022:0632
USN-4938-1		https://usn.ubuntu.com/4938-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-25038.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

---

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-11T14:42:51Z/ Found at https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html

---

---

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-11T14:42:51Z/ Found at https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/

---

---

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-11T14:42:51Z/ Found at https://security.netapp.com/advisory/ntap-20210507-0007/

---

Percentile	0.72792
EPSS Score	0.00738
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-03T13:11:30.589107+00:00	NVD CVE Status Improver	Improve	https://cveawg.mitre.org/api/cve/CVE-2019-25038	38.1.0
2026-04-01T14:14:52.651371+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-25038.json	38.0.0