CVE-2019-25434
Published: 20 February 2026
Summary
CVE-2019-25434 is a medium-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Nsasoft Spotauditor. Its CVSS base score is 6.7 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 35.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2019-25434 is a denial of service vulnerability affecting SpotAuditor version 5.3.1.0. The flaw stems from the application's inadequate handling of excessive input in the registration name field, where submitting a large string of characters—5000 bytes or more—triggers an unhandled exception that crashes the application. This issue aligns with CWE-121 (stack-based buffer overflow) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its high impact on availability.
Unauthenticated attackers with network access can exploit this vulnerability remotely and with low complexity, requiring no privileges or user interaction. By entering oversized data into the registration name field, they can reliably cause the SpotAuditor application to crash, resulting in a denial of service condition that disrupts functionality for legitimate users.
Advisories and references, including the vendor site at http://www.nsauditor.com, an Exploit-DB proof-of-concept at https://www.exploit-db.com/exploits/47494, and a VulnCheck advisory at https://www.vulncheck.com/advisories/spotauditor-denial-of-service-via-registration-name-field, document the vulnerability but do not specify patches or detailed mitigation steps in the provided information. Security practitioners should verify updates from the vendor and consider input validation or restricting registration access as interim measures.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-19612
Vulnerability details
SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting excessive data in the registration name field. Attackers can enter a large string of characters (5000 bytes or more) in the name…
more
field during registration to trigger an unhandled exception that crashes the application.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct stack-based buffer overflow in application input field enables remote Endpoint DoS via Application or System Exploitation (T1499.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly validates the length and format of registration name field inputs to reject excessive data and prevent the unhandled exception crash.
Ensures graceful handling of errors and exceptions from oversized inputs without compromising system availability or causing application crashes.
Implements protections to limit the effects of denial-of-service attacks exploiting inadequate input handling in the registration process.