CVE-2019-25646

CRITICAL

Tabs Mail Carrier 2.5.1 Buffer Overflow via MAIL FROM

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25646. PoCs published by Joseph McDonagh.

AI-analyzed exploit summary This Python script exploits a buffer overflow vulnerability in Tabs Mail Carrier 2.5.1 via the MAIL FROM: SMTP command. It uses an egghunter and shellcode to achieve remote code execution, binding a shell on TCP port 19397.

Description

Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Attackers can connect to the SMTP service on port 25 and send a malicious MAIL FROM command with an oversized buffer to overwrite the EIP register and execute a bind shell payload.

Exploits (1)

exploitdb WORKING POC

by Joseph McDonagh · pythonremotewindows

https://www.exploit-db.com/exploits/46547

View Code ZIP pw:eip

This Python script exploits a buffer overflow vulnerability in Tabs Mail Carrier 2.5.1 via the MAIL FROM: SMTP command. It uses an egghunter and shellcode to achieve remote code execution, binding a shell on TCP port 19397.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Tabs Mail Carrier 2.5.1

No auth needed

Prerequisites: Network access to SMTP port (25) · Target running Tabs Mail Carrier 2.5.1 on Windows Vista SP2

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 24, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit exploit

ExploitDB-46547

https://www.exploit-db.com/exploits/46547

Third Party Advisory third-party-advisory

VulnCheck Advisory: Tabs Mail Carrier 2.5.1 Buffer Overflow via MAIL FROM

https://www.vulncheck.com/advisories/tabs-mail-carrier-buffer-overflow-via-mail-from

Scores

CVSS v3 9.8

EPSS 0.0091

EPSS Percentile 55.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-787

Status published

Products (2)

Tabs/Mail Carrier 2.5.1

tabslab/mailcarrier 2.5.1

Published Mar 24, 2026

Tracked Since Mar 24, 2026