CVE-2019-25434

HIGH

SpotAuditor 5.3.1.0 - DoS

Title source: llm

Description

SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting excessive data in the registration name field. Attackers can enter a large string of characters (5000 bytes or more) in the name field during registration to trigger an unhandled exception that crashes the application.

Exploits (1)

exploitdb WORKING POC

by Sanjana shetty · pythondoswindows

https://www.exploit-db.com/exploits/47494

View Code ZIP pw:eip

References (3)

[Various Sources] http://www.nsauditor.com

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/47494

[Third Party Advisory] https://www.vulncheck.com/advisories/spotauditor-denial-of-service-via-registration-name-field

Scores

CVSS v3 7.5

EPSS 0.0010

EPSS Percentile 27.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-121

Status published

Affected Products (1)

nsasoft/spotauditor < 5.3.1.0

Timeline

Published Feb 20, 2026

Tracked Since Feb 21, 2026