CVE-2019-25434
Published: 20 February 2026
Summary
CVE-2019-25434 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Nsasoft Spotauditor. Its CVSS base score is 7.5 (High).
Operationally, it is ranked at the 35.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
NVD Description
SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting excessive data in the registration name field. Attackers can enter a large string of characters (5000 bytes or more) in the name field during registration to trigger an unhandled exception that crashes the application.
Deeper analysis
CVE-2019-25434 is a denial of service vulnerability affecting SpotAuditor version 5.3.1.0. The flaw stems from the application's inadequate handling of excessive input in the registration name field, where submitting a large string of characters—5000 bytes or more—triggers an unhandled exception that crashes the application. This issue aligns with CWE-121 (stack-based buffer overflow) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its high impact on availability.
Unauthenticated attackers with network access can exploit this vulnerability remotely and with low complexity, requiring no privileges or user interaction. By entering oversized data into the registration name field, they can reliably cause the SpotAuditor application to crash, resulting in a denial of service condition that disrupts functionality for legitimate users.
Advisories and references, including the vendor site at http://www.nsauditor.com, an Exploit-DB proof-of-concept at https://www.exploit-db.com/exploits/47494, and a VulnCheck advisory at https://www.vulncheck.com/advisories/spotauditor-denial-of-service-via-registration-name-field, document the vulnerability but do not specify patches or detailed mitigation steps in the provided information. Security practitioners should verify updates from the vendor and consider input validation or restricting registration access as interim measures.
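As an added illustration of the input-validation measure mentioned above, the following C code places the unbounded-copy pattern behind CWE-121 beside a bounded variant that rejects an oversized registration name instead of writing past a fixed-size field. This is example code written for this page, not SpotAuditor's source; the record layout, the 64-byte field size and the function names are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* Hypothetical record layout with a fixed-size name field (assumption). */
#define NAME_MAX 64

struct registration {
    char name[NAME_MAX];
    char key[32];
};

/* The CWE-121 pattern: the submitted name is copied into the fixed-size
 * field with no length check, so a string of 5000 bytes runs past the end
 * of `name` and corrupts whatever follows it on the stack. Shown only to
 * contrast with the checked variant below; never call it on untrusted input. */
int register_unchecked(const char *submitted, struct registration *rec)
{
    strcpy(rec->name, submitted);   /* no bound: overflow on long input */
    return 0;
}

/* Hardened form: measure the input only up to the field size, and reject
 * anything that would not fit together with its terminator.
 * Returns 0 when stored, -1 when rejected (caller can log the event). */
int register_checked(const char *submitted, struct registration *rec)
{
    size_t len = 0;
    while (len < NAME_MAX && submitted[len] != '\0')
        len++;
    if (len == NAME_MAX)            /* too long for the field: refuse it */
        return -1;
    memcpy(rec->name, submitted, len);
    rec->name[len] = '\0';
    return 0;
}

/* Builds a constructed sample input of n bytes (e.g. the 5000 bytes the
 * advisory cites); caller frees it. */
char *make_long_name(size_t n)
{
    char *s = malloc(n + 1);
    if (s == NULL) return NULL;
    memset(s, 'A', n);
    s[n] = '\0';
    return s;
}

int main(void)
{
    struct registration rec;
    char *oversized = make_long_name(5000);
    if (oversized == NULL) return 1;
    printf("\"alice\": %s\n", register_checked("alice", &rec) == 0 ? "accepted" : "rejected");
    printf("5000-byte name: %s\n", register_checked(oversized, &rec) == 0 ? "accepted" : "rejected");
    free(oversized);
    return 0;
}
```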
Details
- CWE(s)