CVE-2019-25607

HIGH

Axessh 4.2 Local Stack-based Buffer Overflow via Log File Name

Title source: cna

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-25607. PoCs published by Uday Mittal, Victor Mondragón.

AI-analyzed exploit summary: This exploit demonstrates a local stack-based buffer overflow in Axessh 4.2 by crafting a malicious log file name that triggers arbitrary code execution via a reverse TCP meterpreter shell. The payload leverages a known return address in ctl3d32.dll to bypass protections and execute shellcode.

Description

Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer and execute shellcode with system privileges.

Exploits (2)

exploitdb WORKING POC
by Uday Mittal · python · local · windows
https://www.exploit-db.com/exploits/46922

This exploit demonstrates a local stack-based buffer overflow in Axessh 4.2 by crafting a malicious log file name that triggers arbitrary code execution via a reverse TCP meterpreter shell. The payload leverages a known return address in ctl3d32.dll to bypass protections and execute shellcode.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Axessh 4.2
No auth needed
Prerequisites: Windows 7 SP1 (x86) · Axessh 4.2 installed · Listener setup for reverse shell
devstral-2 · analyzed Mar 22, 2026

exploitdb WORKING POC
by Victor Mondragón · python · dos · windows
https://www.exploit-db.com/exploits/46858

This PoC exploits a buffer overflow vulnerability in Axessh 4.2 by writing a 500-byte string of 'A' characters to a file; pasting that string into the 'Log file name' field causes a denial of service (crash). The exploit is straightforward and demonstrates the vulnerability effectively.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Axessh 4.2
No auth needed
Prerequisites: Python to generate the payload file · User interaction to paste the payload into the 'Log file name' field
devstral-2 · analyzed Mar 22, 2026

References (6)

Core References (6)
Product: Official Product Homepage
http://www.labf.com
Exploit: ExploitDB-46922
https://www.exploit-db.com/exploits/46922
Product: Product Reference
http://www.labf.com/download/axessh.exe
Exploit: Exploit DB
https://www.exploit-db.com/exploits/46858
Exploit: Exploit DB
https://www.exploit-db.com/shellcodes/46281
Third Party Advisory: VulnCheck Advisory: Axessh 4.2 Local Stack-based Buffer Overflow via Log File Name
https://www.vulncheck.com/advisories/axessh-local-stack-based-buffer-overflow-via-log-file-name

Scores

CVSS v3 8.4
EPSS 0.0015
EPSS Percentile 4.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-787
Status published
Products (1)
Labf/Axessh 4.2
Published Mar 22, 2026
Tracked Since Mar 22, 2026