Cyber Resilience

CVE-2019-25336

HighPublic PoC

Published: 12 February 2026

Published
12 February 2026
Modified
20 February 2026
KEV Added
Patch
CVSS Score v4 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0021 11.3th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2019-25336 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Nsasoft Spotauditor. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 11.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and SI-16 (Memory Protection).

Deeper analysis

SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in its Base64 Encrypted Password tool, classified under CWE-121. This flaw allows attackers to execute arbitrary code by crafting a malicious Base64 encoded payload that triggers a Structured Exception Handler (SEH) overwrite, enabling shellcode execution on the vulnerable system. The vulnerability has a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for complete system compromise.

A local attacker can exploit this vulnerability with low complexity and no privileges or user interaction required. By providing a specially crafted payload to the affected tool, the attacker overwrites the SEH, bypassing basic protections and achieving remote code execution on the target system, potentially leading to full control over confidentiality, integrity, and availability.

Advisories and related resources include a detailed write-up from VulnCheck on the SpotAuditor Base64 local buffer overflow SEH issue, proof-of-concept exploits published on Exploit-DB (IDs 47719 and 47759), and the vendor site at nsauditor.com. No specific patches or mitigations are detailed in the available information, emphasizing the need to avoid using vulnerable versions of SpotAuditor.

EU & UK References

Vulnerability details

SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. Attackers can generate a specially crafted Base64 encoded payload to trigger a Structured Exception…

more

Handler (SEH) overwrite and execute shellcode on the vulnerable system.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Local SEH buffer overflow enables arbitrary code execution via crafted input to a client application (T1203); commonly leveraged for local privilege escalation or unauthorized code execution (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2019-25434Same product: Nsasoft Spotauditor
CVE-2019-25340Same product: Nsasoft Spotauditor
CVE-2020-37200Same vendor: Nsasoft
CVE-2019-25435Shared CWE-121
CVE-2018-25213Same vendor: Nsasoft
CVE-2020-37119Same vendor: Nsasoft
CVE-2026-25570Shared CWE-121
CVE-2020-37013Shared CWE-121
CVE-2018-25303Shared CWE-121
CVE-2026-33147Shared CWE-121

Affected Assets

nsasoft
spotauditor
5.3.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires identification, prioritization, and remediation of flaws like the SpotAuditor buffer overflow to eliminate the vulnerability.

prevent

Implements memory safeguards such as DEP and ASLR to prevent arbitrary code execution via SEH overwrite exploits.

prevent

Prevents installation or execution of unapproved user-installed software like vulnerable SpotAuditor, removing the attack surface.

References