CVE-2019-25569

MEDIUM

RealTerm Serial Terminal 2.0.0.70 SEH Overflow Crash

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25569. PoCs published by Alejandra Sánchez.

AI-analyzed exploit summary This PoC exploits a stack-based buffer overflow in RealTerm's 'Echo Port' field, corrupting the SEH chain to trigger a crash. It demonstrates the vulnerability by overwriting the SEH handler with controlled data, leading to potential arbitrary code execution.

Description

RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception handler (SEH) chain corruption. Attackers can craft a malicious input string with 268 bytes of padding followed by SEH overwrite values and paste it into the Port field to cause denial of service.

Exploits (1)

exploitdb WORKING POC
by Alejandra Sánchez · pythondoswindows
https://www.exploit-db.com/exploits/46391

This PoC exploits a stack-based buffer overflow in RealTerm's 'Echo Port' field, corrupting the SEH chain to trigger a crash. It demonstrates the vulnerability by overwriting the SEH handler with controlled data, leading to potential arbitrary code execution.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: RealTerm: Serial Terminal 2.0.0.70
No auth needed
Prerequisites: Python to generate the payload file · User interaction to paste the payload into the 'Echo Port' field
devstral-2 · analyzed Mar 21, 2026 Full analysis →

References (4)

Core 4
Core References
Product product
Product Reference
https://sourceforge.net/projects/realterm/files/
Exploit exploit
ExploitDB-46391
https://www.exploit-db.com/exploits/46391
Product product
Official Product Homepage
https://realterm.sourceforge.io/
Third Party Advisory third-party-advisory
VulnCheck Advisory: RealTerm Serial Terminal 2.0.0.70 SEH Overflow Crash
https://www.vulncheck.com/advisories/realterm-serial-terminal-seh-overflow-crash

Scores

CVSS v3 6.2
EPSS 0.0019
EPSS Percentile 8.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-787
Status published
Products (2)
crun/realterm 2.0.0.70
Realterm/RealTerm: Serial Terminal 2.0.0.70
Published Mar 21, 2026
Tracked Since Mar 21, 2026