Cyber Resilience

CVE-2019-25364

Critical · Public PoC

Published: 18 February 2026
Modified: 24 February 2026
CVSS Score v4: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0083 (53.0th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2019-25364 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Tabslab Mailcarrier. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 47.0% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2019-25364 is a buffer overflow vulnerability in MailCarrier 2.51, specifically affecting the POP3 USER command within the POP3 service. Remote attackers can trigger the flaw by sending a crafted oversized buffer, which overwrites memory and enables arbitrary code execution. The vulnerability is classified under CWE-121 (stack-based buffer overflow) and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical.

The attack requires no privileges, authentication, or user interaction, so an unauthenticated remote attacker can exploit it over the network with low complexity. Successful exploitation grants remote code execution, potentially leading to full remote system access and high-impact compromise of confidentiality, integrity, and availability.

Advisories and related resources, including a proof-of-concept exploit on Exploit-DB (ID 47554), are available at VulnCheck (win-mailcarrier-pop-user-remote-buffer-overflow advisory) and TabsLab. No specific patch or mitigation details are given in the core CVE information.

Vulnerability details

MailCarrier 2.51 contains a buffer overflow vulnerability in the POP3 USER command that allows remote attackers to execute arbitrary code. Attackers can send a crafted oversized buffer to the POP3 service, overwriting memory and potentially gaining remote system access.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is a remote buffer overflow in a public-facing POP3 service (MailCarrier), enabling unauthenticated remote code execution, directly mapping to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2019-25646 (Same product: Tabslab Mailcarrier)
CVE-2026-38422 (Shared CWE-121)
CVE-2025-11783 (Shared CWE-121)
CVE-2025-54491 (Shared CWE-121)
CVE-2024-39359 (Shared CWE-121)
CVE-2026-42469 (Shared CWE-121)
CVE-2020-37159 (Shared CWE-121)
CVE-2024-39603 (Shared CWE-121)
CVE-2024-36258 (Shared CWE-121)
CVE-2024-51138 (Shared CWE-121)

Affected Assets

tabslab
mailcarrier
2.51

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent

Directly addresses the buffer overflow by requiring timely identification, reporting, and correction of the specific flaw in the POP3 USER command.

prevent

Prevents exploitation by enforcing validation of oversized buffers sent to the POP3 USER command, rejecting invalid inputs before memory overwrite.

prevent

Mitigates successful buffer overflow exploitation through memory safeguards like stack canaries, ASLR, and DEP, hindering arbitrary code execution.
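
The input-validation control described above, sketched as an added example (not MailCarrier code and not from the advisory): a POP3 USER handler that checks lengths before copying anything into a fixed-size buffer. The function name, return codes, and the printable-ASCII rule are assumptions made for illustration; the 40-character argument limit and 255-octet line limit come from RFC 1939 and RFC 2449.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define POP3_MAX_LINE 255 /* command line incl. CRLF (RFC 2449) */
#define POP3_MAX_ARG   40 /* per-argument limit (RFC 1939) */

enum { USER_OK = 0, USER_BAD_SYNTAX = -1, USER_TOO_LONG = -2 };

/* Hypothetical handler (not MailCarrier code). `line` holds `len` bytes as
 * read from the socket, not necessarily NUL-terminated. The unsafe pattern
 * this replaces is an unbounded copy of the argument into a stack array. */
int pop3_parse_user(const char *line, size_t len, char *out, size_t out_sz)
{
    static const char kw[] = "USER ";
    size_t i, arg_len;

    if (len > POP3_MAX_LINE)            /* reject before touching content */
        return USER_TOO_LONG;
    while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
        len--;                          /* strip line terminator */
    if (len < sizeof kw)                /* keyword plus at least one byte */
        return USER_BAD_SYNTAX;
    for (i = 0; i < sizeof kw - 1; i++) /* keywords are case-insensitive */
        if (toupper((unsigned char)line[i]) != kw[i])
            return USER_BAD_SYNTAX;
    arg_len = len - (sizeof kw - 1);
    if (arg_len > POP3_MAX_ARG || arg_len >= out_sz)
        return USER_TOO_LONG;           /* length checked before any copy */
    for (i = 0; i < arg_len; i++) {     /* printable ASCII only, no spaces */
        unsigned char c = (unsigned char)line[sizeof kw - 1 + i];
        if (c <= 0x20 || c >= 0x7f)
            return USER_BAD_SYNTAX;
    }
    memcpy(out, line + sizeof kw - 1, arg_len);
    out[arg_len] = '\0';
    return USER_OK;
}

int main(void)
{
    char name[POP3_MAX_ARG + 1];
    const char ok[] = "USER alice\r\n";  /* constructed sample input */
    printf("%d\n", pop3_parse_user(ok, sizeof ok - 1, name, sizeof name));
    return 0;
}
```

A server using a check like this would answer `-ERR` and log the rejected length, which also gives detection teams a signal for oversized USER arguments.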
