CVE-2019-25594

MEDIUM

ASPRunner.NET 10.1 Denial of Service via Table Name Field

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25594. PoCs published by Victor Mondragón.

AI-analyzed exploit summary This PoC exploits a denial-of-service vulnerability in ASPRunner.NET 10.1 by overflowing a buffer in the 'Table name' field during database creation. The exploit generates a 10,000-byte string of 'A' characters, which crashes the application when pasted into the field.

Description

ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the table name field. Attackers can input a buffer of 10000 characters in the table name parameter during database table creation to trigger an application crash.

Exploits (1)

exploitdb WORKING POC

by Victor Mondragón · pythondoswindows

https://www.exploit-db.com/exploits/46823

View Code ZIP pw:eip

This PoC exploits a denial-of-service vulnerability in ASPRunner.NET 10.1 by overflowing a buffer in the 'Table name' field during database creation. The exploit generates a 10,000-byte string of 'A' characters, which crashes the application when pasted into the field.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: ASPRunner.NET 10.1

No auth needed

Prerequisites: Python to generate the payload file · User interaction to paste the payload into the 'Table name' field

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Mar 22, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-46823

https://www.exploit-db.com/exploits/46823

Product product

Official Product Homepage

https://xlinesoft.com/

Product product

Product Reference

https://xlinesoft.com/asprunnernet/download.htm

Third Party Advisory third-party-advisory

VulnCheck Advisory: ASPRunner.NET 10.1 Denial of Service via Table Name Field

https://www.vulncheck.com/advisories/asprunner-net-denial-of-service-via-table-name-field

Scores

CVSS v3 6.2

EPSS 0.0013

EPSS Percentile 3.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-807

Status published

Products (1)

Xlinesoft/ASPRunner.NET 10.1

Published Mar 22, 2026

Tracked Since Mar 22, 2026