CVE-2019-25434

HIGH

SpotAuditor 5.3.1.0 - DoS

Title source: llm

Description

SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting excessive data in the registration name field. Attackers can enter a large string of characters (5000 bytes or more) in the name field during registration to trigger an unhandled exception that crashes the application.

Exploits (1)

exploitdb WORKING POC

by Sanjana shetty · pythondoswindows

https://www.exploit-db.com/exploits/47494

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/47494

[Various Sources] http://www.nsauditor.com

[Third Party Advisory] https://www.vulncheck.com/advisories/spotauditor-denial-of-service-via-registration-name-field

Scores

CVSS v3 7.5

EPSS 0.0015

EPSS Percentile 34.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-121

Status published

Products (2)

Nsasoft/Nsauditor SpotAuditor SpotAuditor 5.3.1.0

nsasoft/spotauditor < 5.3.1.0

Published Feb 20, 2026

Tracked Since Feb 21, 2026