CVE-2019-25679

HIGH

RealTerm Serial Terminal 2.0.0.70 Buffer Overflow SEH

Title source: cna

Description

RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a buffer overflow payload with a POP POP RET gadget chain and shellcode that triggers code execution when pasted into the Port field and the Change button is clicked.

Exploits (1)

exploitdb WORKING POC

by Matteo Malvica · pythonlocalwindows

https://www.exploit-db.com/exploits/46441

View Code ZIP pw:eip

References (4)

[Exploit] https://www.exploit-db.com/exploits/46441

[Product] https://realterm.sourceforge.io/

[Product] https://sourceforge.net/projects/realterm/files/

[Third Party Advisory] https://www.vulncheck.com/advisories/realterm-serial-terminal-buffer-overflow-seh

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 0.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (2)

crun/realterm 2.0.0.70

Realterm/RealTerm: Serial Terminal 1.11.2

Published Apr 05, 2026

Tracked Since Apr 06, 2026