CVE-2019-25434

HIGH

SpotAuditor 5.3.1.0 - Unauthenticated Denial of Service via Registration Name Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25434. PoCs published by Sanjana shetty.

AI-analyzed exploit summary: This exploit demonstrates a denial-of-service vulnerability in SpotAuditor 5.3.1.0 by triggering a crash via a buffer overflow in the registration name field. The PoC generates a file with 5000 'A' characters which, when pasted into the name field, cause the application to crash.

Description

SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting excessive data in the registration name field. Attackers can enter a large string of characters (5000 bytes or more) in the name field during registration to trigger an unhandled exception that crashes the application.

Exploits (1)

exploitdb WORKING POC
by Sanjana shetty · python · dos · windows
https://www.exploit-db.com/exploits/47494


Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: SpotAuditor 5.3.1.0
No auth needed
Prerequisites: SpotAuditor 5.3.1.0 installed · Access to the registration functionality
devstral-2 · analyzed Feb 21, 2026

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/47494
Various Sources product
http://www.nsauditor.com

Scores

CVSS v3 7.5
EPSS 0.0037
EPSS Percentile 28.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-121
Status published
Products (2)
Nsasoft/Nsauditor SpotAuditor SpotAuditor 5.3.1.0
nsasoft/spotauditor < 5.3.1.0
Published Feb 20, 2026
Tracked Since Feb 21, 2026