CVE-2019-25607

HIGH

Axessh 4.2 Local Stack-based Buffer Overflow via Log File Name

Title source: cna

Description

Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer and execute shellcode with system privileges.

Exploits (2)

exploitdb WORKING POC

by Uday Mittal · pythonlocalwindows

https://www.exploit-db.com/exploits/46922

View Code ZIP pw:eip

exploitdb WORKING POC

by Victor Mondragón · pythondoswindows

https://www.exploit-db.com/exploits/46858

View Code ZIP pw:eip

References (6)

[Exploit] https://www.exploit-db.com/exploits/46922

[Product] http://www.labf.com

[Product] http://www.labf.com/download/axessh.exe

[Exploit] https://www.exploit-db.com/exploits/46858

[Exploit] https://www.exploit-db.com/shellcodes/46281

[Third Party Advisory] https://www.vulncheck.com/advisories/axessh-local-stack-based-buffer-overflow-via-log-file-name

Scores

CVSS v3 8.4

EPSS 0.0002

EPSS Percentile 4.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (1)

Labf/Axessh 4.2

Published Mar 22, 2026

Tracked Since Mar 22, 2026