CVE-2019-25435
Published: 20 February 2026
Summary
CVE-2019-25435 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Sricam DeviceViewer. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 23.7th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
Sricam DeviceViewer version 3.12.0.1 is affected by CVE-2019-25435, a stack-based buffer overflow vulnerability (CWE-121) in the user management add user function. The flaw enables authenticated attackers to inject a malicious payload through the Username field, triggering a local buffer overflow that bypasses Data Execution Prevention (DEP) and allows execution of arbitrary code via ROP chain gadgets. Published on 2026-02-20 with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), it poses a high-impact risk to confidentiality, integrity, and availability.
Exploitation requires local access to the system, low attack complexity, and low privileges as an authenticated user, with no user interaction needed. An attacker can achieve arbitrary code execution in the context of the DeviceViewer application, potentially escalating to broader system compromise depending on the application's privileges and environment.
Advisories and resources include a detailed analysis from VulnCheck at https://www.vulncheck.com/advisories/sricam-deviceviewer-local-buffer-overflow-dep-bypass, a proof-of-concept exploit on Exploit-DB at https://www.exploit-db.com/exploits/47477, and the vendor site at https://www.sricam.com/. No specific patches or mitigations are detailed in the available information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-19611
Vulnerability details
Sricam DeviceViewer 3.12.0.1 contains a local buffer overflow vulnerability in the user management add user function that allows authenticated attackers to execute arbitrary code by bypassing data execution prevention. Attackers can inject a malicious payload through the Username field in User Management to trigger a stack-based buffer overflow and execute commands via ROP chain gadgets.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local stack buffer overflow in client app (DeviceViewer) directly enables arbitrary code execution (T1203) and potential privilege escalation (T1068) via ROP/DEP bypass after authenticated local input.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly remediates the stack-based buffer overflow vulnerability in DeviceViewer by applying patches or removing the affected software.
Implements memory protections like stack canaries and ASLR to block or hinder ROP chain exploitation even after DEP bypass.
Validates username inputs in the user management function to reject malicious payloads that trigger the buffer overflow.