CVE-2019-25360
Published: 18 February 2026
Summary
CVE-2019-25360 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Aida64. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 44.9% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) (AI)
- Directly remediates the stack-based buffer overflow vulnerability in Aida64's CSV logging by applying vendor patches to eliminate the flaw.
- Implements memory protections like non-executable stacks and ASLR to block exploitation of the buffer overflow via SEH overwrite techniques.
- Validates malformed CSV log file inputs to restrict oversized or specially crafted payloads that trigger the buffer overflow.
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
The stack-based buffer overflow in Aida64's CSV logging component enables remote code execution via a malformed log file, directly mapping to Exploitation for Client Execution (T1203).
NVD Description
Aida64 Engineer 6.10.5200 contains a buffer overflow vulnerability in the CSV logging configuration that allows attackers to execute malicious code by crafting a specially designed payload. Attackers can exploit the vulnerability by creating a malformed log file with carefully constructed SEH (Structured Exception Handler) overwrite techniques to achieve remote code execution.
Deeper analysis (AI)
CVE-2019-25360 is a stack-based buffer overflow vulnerability (CWE-121) in Aida64 Engineer version 6.10.5200, specifically within the CSV logging configuration component. The flaw allows attackers to execute arbitrary code by supplying a specially crafted payload in a malformed log file, leveraging Structured Exception Handler (SEH) overwrite techniques to achieve remote code execution. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, and lack of prerequisites.
Remote attackers require no privileges or user interaction to exploit this vulnerability. By creating and delivering a malicious log file—potentially through social engineering, shared file vectors, or integration points that trigger CSV logging—they can overwrite the SEH chain, bypass protections, and gain full control over the affected system, resulting in high confidentiality, integrity, and availability impacts.
Mitigation details are referenced in vendor resources at https://www.aida64.com and a potential update download at https://www.aida64.com/downloads/OTAwMmVmNTE=, alongside advisories from VulnCheck at https://www.vulncheck.com/advisories/aida-buffer-overflow. A proof-of-concept exploit is publicly available at https://www.exploit-db.com/exploits/47574. Security practitioners should apply patches from the vendor and avoid processing untrusted log files in vulnerable versions.
Details
- CWE(s)