CVE-2019-25485

MEDIUM

R 3.4.4 Windows x64 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-25485. PoCs published by blackleitus, TheMalwareGuardian.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow vulnerability in R 3.4.4 on Windows 10 x64, bypassing DEP/ASLR via SEH overwrite and ROP chain to execute arbitrary shellcode (calc.exe). The payload is crafted to exploit the 'Language for menus' input field in GUI Preferences.

Description

R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a crafted payload through the Language for menus preference to trigger a structured exception handler chain pivot and execute arbitrary shellcode with application privileges.

Exploits (2)

exploitdb WORKING POC

by blackleitus · pythonlocalwindows_x86-64

https://www.exploit-db.com/exploits/47122

View Code ZIP pw:eip

This exploit demonstrates a buffer overflow vulnerability in R 3.4.4 on Windows 10 x64, bypassing DEP/ASLR via SEH overwrite and ROP chain to execute arbitrary shellcode (calc.exe). The payload is crafted to exploit the 'Language for menus' input field in GUI Preferences.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: R 3.4.4 (Windows 10 x64)

No auth needed

Prerequisites: R 3.4.4 installed on Windows 10 x64 · Access to GUI Preferences menu

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 12, 2026 Full analysis →

nomisec WRITEUP

by TheMalwareGuardian · poc

https://github.com/TheMalwareGuardian/CVE-2019-25485

View Code ZIP pw:eip

This repository provides a detailed technical analysis and educational material for CVE-2019-25485, a stack-based buffer overflow in R 3.4.4. It includes step-by-step exploitation methodologies for both x86 and x64 architectures, highlighting the differences in exploitation paths and constraints.

Classification

Writeup 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: R 3.4.4

No auth needed

Prerequisites: R 3.4.4 installed on the target system

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 24, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/47122

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/r-windows-x64-buffer-overflow-seh-dep-aslr-bypass

Scores

CVSS v3 6.2

EPSS 0.0012

EPSS Percentile 2.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-787

Status published

Products (1)

R-Project/R 3.4.4

Published Mar 11, 2026

Tracked Since Mar 12, 2026