CVE-2019-25590

MEDIUM

Axessh 4.2 Denial of Service via Log File Name

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25590. PoCs published by Victor Mondragón.

AI-analyzed exploit summary: This PoC exploits a buffer overflow vulnerability in Axessh 4.2 by writing a 500-byte string of 'A' characters to a file, which when pasted into the 'Log file name' field causes a denial of service (crash). The exploit is straightforward and demonstrates the vulnerability effectively.

Description

Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log file name parameter, and trigger a crash when establishing a telnet connection.

Exploits (1)

exploitdb WORKING POC
by Victor Mondragón · python · dos · windows
https://www.exploit-db.com/exploits/46858

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Axessh 4.2
No auth needed
Prerequisites: Python to generate the payload file · User interaction to paste the payload into the 'Log file name' field
devstral-2 · analyzed Mar 22, 2026

References (4)

Core References
Exploit: ExploitDB-46858
https://www.exploit-db.com/exploits/46858
Product: Official Product Homepage
http://www.labf.com
Product: Product Reference
http://www.labf.com/download/axessh.exe
Third Party Advisory: VulnCheck Advisory: Axessh 4.2 Denial of Service via Log File Name
https://www.vulncheck.com/advisories/axessh-denial-of-service-via-log-file-name

Scores

CVSS v3: 6.2
EPSS: 0.0017
EPSS Percentile: 6.1%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-1282
Status: published
Products (1): Labf/Axessh 4.2
Published: Mar 22, 2026
Tracked Since: Mar 22, 2026