CVE-2019-25679

HIGH

RealTerm Serial Terminal 2.0.0.70 Buffer Overflow SEH

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25679. PoCs published by Matteo Malvica.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow vulnerability in RealTerm: Serial Terminal 2.0.0.70 via the 'Echo Port' field, leveraging SEH overwrite to execute arbitrary shellcode. The payload includes a custom shellcode to display a MessageBox and is delivered through a crafted text file.

Description

RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a buffer overflow payload with a POP POP RET gadget chain and shellcode that triggers code execution when pasted into the Port field and the Change button is clicked.

Exploits (1)

exploitdb WORKING POC

by Matteo Malvica · pythonlocalwindows

https://www.exploit-db.com/exploits/46441

View Code ZIP pw:eip

This exploit demonstrates a buffer overflow vulnerability in RealTerm: Serial Terminal 2.0.0.70 via the 'Echo Port' field, leveraging SEH overwrite to execute arbitrary shellcode. The payload includes a custom shellcode to display a MessageBox and is delivered through a crafted text file.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: RealTerm: Serial Terminal 2.0.0.70

No auth needed

Prerequisites: Python to generate payload · RealTerm installed on target · User interaction to paste payload into 'Echo Port' field

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 07, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-46441

https://www.exploit-db.com/exploits/46441

Product product

Official Product Homepage

https://realterm.sourceforge.io/

Product product

Product Reference

https://sourceforge.net/projects/realterm/files/

Third Party Advisory third-party-advisory

VulnCheck Advisory: RealTerm Serial Terminal 2.0.0.70 Buffer Overflow SEH

https://www.vulncheck.com/advisories/realterm-serial-terminal-buffer-overflow-seh

Scores

CVSS v3 7.8

EPSS 0.0031

EPSS Percentile 23.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (2)

crun/realterm 2.0.0.70

Realterm/RealTerm: Serial Terminal 1.11.2

Published Apr 05, 2026

Tracked Since Apr 06, 2026