CVE-2019-25609

HIGH

JetAudio jetCast Server 2.0 Local SEH Buffer Overflow

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25609. PoCs published by Connor McGarr.

AI-analyzed exploit summary This exploit demonstrates a local SEH-based buffer overflow in JetAudio jetCast Server 2.0 via the 'Log Directory' field. It uses alphanumeric-encoded shellcode to execute calc.exe by manipulating the stack and registers.

Description

JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger an SEH exception handler and execute arbitrary code with application privileges.

Exploits (1)

exploitdb WORKING POC

by Connor McGarr · pythonlocalwindows

https://www.exploit-db.com/exploits/46854

View Code ZIP pw:eip

This exploit demonstrates a local SEH-based buffer overflow in JetAudio jetCast Server 2.0 via the 'Log Directory' field. It uses alphanumeric-encoded shellcode to execute calc.exe by manipulating the stack and registers.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: JetAudio jetCast Server 2.0

No auth needed

Prerequisites: Local access to the target system · JetAudio jetCast Server 2.0 installed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 22, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-46854

https://www.exploit-db.com/exploits/46854

Product product

Official Product Homepage

http://www.jetaudio.com/

Product product

Product Reference

http://www.jetaudio.com/download/5fc01426-741d-41b8-a120-d890330ec672/jetAudio/Download/jetCast/build/JCS2000.exe

Third Party Advisory third-party-advisory

VulnCheck Advisory: JetAudio jetCast Server 2.0 Local SEH Buffer Overflow

https://www.vulncheck.com/advisories/jetaudio-jetcast-server-local-seh-buffer-overflow

Scores

CVSS v3 8.4

EPSS 0.0019

EPSS Percentile 8.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (1)

Jetaudio/Server 2.0

Published Mar 22, 2026

Tracked Since Mar 22, 2026