CVE-2019-25612

HIGH

Admin Express 1.2.5.485 Local SEH Buffer Overflow via Folder Path

Title source: cna

Description

Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field. Attackers can trigger the vulnerability through the System Compare feature by pasting a crafted buffer overflow payload into the left-hand side Folder Path field and clicking the scale icon to execute shellcode with application privileges.

Exploits (1)

exploitdb WORKING POC

by Connor McGarr · pythonlocalwindows

https://www.exploit-db.com/exploits/46805

View Code ZIP pw:eip

References (4)

[Exploit] https://www.exploit-db.com/exploits/46805

[Product] https://admin-express.en.softonic.com/

[Product] https://admin-express.en.softonic.com/download

[Third Party Advisory] https://www.vulncheck.com/advisories/admin-express-local-seh-buffer-overflow-via-folder-path

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 3.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (1)

Admin-Express/Admin-Express 1.2.5.485

Published Mar 22, 2026

Tracked Since Mar 22, 2026