CVE-2019-25364
Published: 18 February 2026
Summary
CVE-2019-25364 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in TabsLab MailCarrier. Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 47.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2019-25364 is a buffer overflow vulnerability in MailCarrier 2.51, specifically affecting the POP3 USER command within the POP3 service. Remote attackers can trigger the flaw by sending a crafted oversized buffer, which overwrites memory and enables arbitrary code execution. The vulnerability is classified under CWE-121 (stack-based buffer overflow) and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical.
The attack requires no privileges, authentication, or user interaction, so an unauthenticated remote attacker can exploit it over the network with low complexity. Successful exploitation grants remote code execution, potentially leading to full remote system access and high-impact compromise of confidentiality, integrity, and availability.
Advisories and related resources, including a proof-of-concept exploit on Exploit-DB (ID 47554), are available at VulnCheck (win-mailcarrier-pop-user-remote-buffer-overflow advisory) and TabsLab. No specific patch or mitigation details are provided in the core CVE information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-19700
Vulnerability details
MailCarrier 2.51 contains a buffer overflow vulnerability in the POP3 USER command that allows remote attackers to execute arbitrary code. Attackers can send a crafted oversized buffer to the POP3 service, overwriting memory and potentially gaining remote system access.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a remote buffer overflow in a public-facing POP3 service (MailCarrier), enabling unauthenticated remote code execution, directly mapping to T1190: Exploit Public-Facing Application.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly addresses the buffer overflow by requiring timely identification, reporting, and correction of the specific flaw in the POP3 USER command.
Prevents exploitation by enforcing validation of oversized buffers sent to the POP3 USER command, rejecting invalid inputs before memory overwrite.
Mitigates successful buffer overflow exploitation through memory safeguards like stack canaries, ASLR, and DEP, hindering arbitrary code execution.
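To illustrate the input-validation control described above, the following C function bounds-checks a POP3 USER line before anything is copied. It is an added example, not MailCarrier's code and not taken from the advisory; the function and enum names are hypothetical, and the limits are the 40-character argument limit from RFC 1939 and the 255-octet command line limit from RFC 2449.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define POP3_MAX_LINE 255 /* RFC 2449: whole command line, CRLF included */
#define POP3_MAX_ARG   40 /* RFC 1939: each argument up to 40 characters */

enum user_status { USER_OK, USER_NOT_USER, USER_BAD_LINE,
                   USER_TOO_LONG, USER_BAD_CHAR };

/* Parse one received line ("USER <name>\r\n") of `len` bytes into `out`.
 * The destination size is fixed by the protocol limit, and nothing is
 * copied until every length and character check has passed. */
enum user_status pop3_parse_user(const char *line, size_t len,
                                 char out[POP3_MAX_ARG + 1])
{
    static const char kw[] = "user";
    size_t i, arg_len;

    out[0] = '\0';
    /* Reject oversized or unterminated input before looking inside it. */
    if (len > POP3_MAX_LINE) return USER_TOO_LONG;
    if (len < 2 || line[len - 2] != '\r' || line[len - 1] != '\n')
        return USER_BAD_LINE;
    len -= 2;

    /* Keyword is case-insensitive and followed by a single space. */
    if (len < 4) return USER_NOT_USER;
    for (i = 0; i < 4; i++)
        if (tolower((unsigned char)line[i]) != kw[i]) return USER_NOT_USER;
    if (len < 6 || line[4] != ' ') return USER_BAD_LINE;

    /* Argument: length-limited, printable ASCII without spaces (policy
     * chosen for this example). */
    arg_len = len - 5;
    if (arg_len > POP3_MAX_ARG) return USER_TOO_LONG;
    for (i = 0; i < arg_len; i++) {
        unsigned char c = (unsigned char)line[5 + i];
        if (c <= 0x20 || c >= 0x7f) return USER_BAD_CHAR;
    }
    memcpy(out, line + 5, arg_len);
    out[arg_len] = '\0';
    return USER_OK;
}

int main(void) {
    char name[POP3_MAX_ARG + 1];
    const char *line = "USER alice\r\n"; /* constructed sample input */
    printf("%d %s\n", pop3_parse_user(line, strlen(line), name), name);
    return 0;
}
```

A server would answer any status other than USER_OK with `-ERR` and leave its session state unchanged.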