CVE-2019-25618

MEDIUM

AdminExpress 1.2.5 Denial of Service via System Compare

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25618. PoCs published by Mücahit İsmail Aktaş.

AI-analyzed exploit summary: This PoC exploits a buffer overflow vulnerability in AdminExpress 1.2.5 by sending a large payload (5000 'A' characters) to the 'Folder Path' field, triggering a Denial of Service (DoS). The exploit requires user interaction to paste the payload and click the scales icon.

Description

AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the System Compare feature. Attackers can paste a large buffer of characters into the Folder Path field and trigger the comparison function to cause the application to become unresponsive or crash.

Exploits (1)

exploitdb WORKING POC
by Mücahit İsmail Aktaş · python · dos · windows
https://www.exploit-db.com/exploits/46711

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: AdminExpress 1.2.5.485
No auth needed
Prerequisites: User interaction to paste payload and click the scales icon
devstral-2 · analyzed Mar 22, 2026

References (3)

Core References (3)
Exploit: ExploitDB-46711
https://www.exploit-db.com/exploits/46711
Product: Product Reference
https://admin-express.en.softonic.com/
Third Party Advisory: VulnCheck Advisory: AdminExpress 1.2.5 Denial of Service via System Compare
https://www.vulncheck.com/advisories/adminexpress-denial-of-service-via-system-compare

Scores

CVSS v3: 6.2
EPSS: 0.0013
EPSS Percentile: 2.6%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-73
Status: published
Products (1): Admin-Express/AdminExpress 1.2.5.485
Published: Mar 22, 2026
Tracked Since: Mar 22, 2026