CVE-2019-25566

MEDIUM

TransMac 12.3 Denial of Service via Volume Name Field

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25566. PoCs published by Alejandra Sánchez.

AI-analyzed exploit summary This PoC exploits a denial-of-service vulnerability in TransMac 12.3 by overflowing the 'Volume name' field with a 1000-byte buffer of 'A' characters, causing the application to crash when creating a new disk image.

Description

TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can create a malicious file with 1000 repeated characters, paste the content into the volume name field during disk image creation, and trigger an application crash.

Exploits (1)

exploitdb WORKING POC
by Alejandra Sánchez · pythondoswindows
https://www.exploit-db.com/exploits/46470

This PoC exploits a denial-of-service vulnerability in TransMac 12.3 by overflowing the 'Volume name' field with a 1000-byte buffer of 'A' characters, causing the application to crash when creating a new disk image.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: TransMac 12.3
No auth needed
Prerequisites: Python to generate the payload file · TransMac 12.3 installed on Windows
devstral-2 · analyzed Mar 21, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit exploit
ExploitDB-46470
https://www.exploit-db.com/exploits/46470
Product product
Official Product Homepage
https://www.acutesystems.com/
Product product
Product Reference
https://www.acutesystems.com/tmac/tmsetup.exe
Third Party Advisory third-party-advisory
VulnCheck Advisory: TransMac 12.3 Denial of Service via Volume Name Field
https://www.vulncheck.com/advisories/transmac-denial-of-service-via-volume-name-field

Scores

CVSS v3 6.2
EPSS 0.0018
EPSS Percentile 8.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-787
Status published
Products (2)
acutesystems/transmac 12.3
Acutesystems/TransMac 12.3
Published Mar 21, 2026
Tracked Since Mar 21, 2026