Cyber Resilience

CVE-2019-25232

HighPublic PoC

Published: 30 January 2026

Published
30 January 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0044 35.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2019-25232 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Sourceforge (inferred from references). Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 35.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

NetPCLinker version 1.0.0.0 suffers from a buffer overflow vulnerability in the Clients Control Panel DNS/IP field, classified as CVE-2019-25232 and associated with CWE-120. This flaw enables attackers to overwrite Structured Exception Handler (SEH) handlers by crafting a malicious payload for the DNS/IP input field. When a user adds a new client using this input, the vulnerability triggers arbitrary shellcode execution. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for complete system compromise.

The vulnerability is exploitable remotely by unauthenticated attackers over the network with low complexity and no user interaction required. An attacker needs only to entice or trick a user into adding a new client entry with a specially crafted DNS/IP value, such as through social engineering or a malicious interface. Successful exploitation allows execution of arbitrary shellcode, granting high confidentiality, integrity, and availability impacts, potentially leading to full remote code execution on the affected system.

Advisories and related resources, including those from VulnCheck and an Exploit-DB entry (ID 48680), detail the vulnerability and provide proof-of-concept exploits. The NetPCLinker project page on SourceForge offers additional context on the software. No specific patches or mitigations are detailed in the available information, emphasizing the need for organizations to avoid using this version and monitor for exposure in legacy deployments.

EU & UK References

Vulnerability details

NetPCLinker 1.0.0.0 contains a buffer overflow vulnerability in the Clients Control Panel DNS/IP field that allows attackers to execute arbitrary shellcode. Attackers can craft a malicious payload in the DNS/IP input to overwrite SEH handlers and execute shellcode when adding…

more

a new client.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Buffer overflow with SEH overwrite enables arbitrary shellcode execution via malicious client input in a desktop control panel application, directly mapping to client-side exploitation after social engineering to supply the payload.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2020-37028Shared CWE-120
CVE-2020-37010Shared CWE-120
CVE-2025-27832Shared CWE-120
CVE-2024-57509Shared CWE-120
CVE-2018-25302Shared CWE-120
CVE-2025-66287Shared CWE-120
CVE-2025-27833Shared CWE-120
CVE-2022-47090Shared CWE-120
CVE-2018-25301Shared CWE-120
CVE-2020-37050Shared CWE-120

Affected Assets

Sourceforge
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly validates and sanitizes inputs to the DNS/IP field in the Clients Control Panel to prevent buffer overflows from malicious payloads.

prevent

Implements memory protections such as ASLR and DEP to minimize successful SEH handler overwrites and arbitrary shellcode execution from buffer overflows.

prevent

Requires timely identification, reporting, and remediation of flaws like CVE-2019-25232 through patching or software replacement to eliminate the vulnerability.

References