Cyber Resilience

CVE-2019-25435

High · Public PoC

Published: 20 February 2026

Modified: 26 February 2026
KEV Added
Patch
CVSS Score v4: 8.4 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0032 (23.7th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2019-25435 is a high-severity stack-based buffer overflow (CWE-121) vulnerability in Sricam DeviceViewer. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 23.7th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

Sricam DeviceViewer version 3.12.0.1 is affected by CVE-2019-25435, a stack-based buffer overflow vulnerability (CWE-121) in the add-user function of its User Management feature. The flaw enables authenticated attackers to inject a malicious payload through the Username field, triggering a local buffer overflow that bypasses Data Execution Prevention (DEP) and allows execution of arbitrary code via ROP chain gadgets. Published on 2026-02-20 with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), it poses a high-impact risk to confidentiality, integrity, and availability.

Exploitation requires local access to the system, low attack complexity, and low privileges as an authenticated user, with no user interaction needed. An attacker can achieve arbitrary code execution in the context of the DeviceViewer application, potentially escalating to broader system compromise depending on the application's privileges and environment.

Advisories and resources include a detailed analysis from Vulncheck at https://www.vulncheck.com/advisories/sricam-deviceviewer-local-buffer-overflow-dep-bypass, a proof-of-concept exploit on Exploit-DB at https://www.exploit-db.com/exploits/47477, and the vendor site at https://www.sricam.com/. No specific patches or mitigations are detailed in the available information.

Vulnerability details

Sricam DeviceViewer 3.12.0.1 contains a local buffer overflow vulnerability in the user management add user function that allows authenticated attackers to execute arbitrary code by bypassing data execution prevention. Attackers can inject a malicious payload through the Username field in User Management to trigger a stack-based buffer overflow and execute commands via ROP chain gadgets.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

A local stack buffer overflow in the client application (DeviceViewer) directly enables arbitrary code execution (T1203) and potential privilege escalation (T1068) via a ROP-based DEP bypass, triggered by authenticated local input.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-25570 (shared CWE-121)
CVE-2020-37013 (shared CWE-121)
CVE-2019-25336 (shared CWE-121)
CVE-2018-25303 (shared CWE-121)
CVE-2026-33147 (shared CWE-121)
CVE-2026-29974 (shared CWE-121)
CVE-2025-70083 (shared CWE-121)
CVE-2026-32708 (shared CWE-121)
CVE-2025-54480 (shared CWE-121)
CVE-2026-44858 (shared CWE-121)

Affected Assets

Vendor: sricam
Product: deviceviewer
Version: 3.12.0.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent · recover

Directly remediates the stack-based buffer overflow vulnerability in DeviceViewer by applying patches or removing the affected software.

prevent

Implements memory protections like stack canaries and ASLR to block or hinder ROP chain exploitation even after DEP bypass.

prevent

Validates username inputs in the user management function to reject malicious payloads that trigger the buffer overflow.
