Cyber Resilience

CVE-2019-25466

HighPublic PoC

Published: 11 March 2026

Published
11 March 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0015 4.6th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2019-25466 is a high-severity Out-of-bounds Write (CWE-787) vulnerability. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2019-25466 is a local structured exception handling (SEH) buffer overflow vulnerability in Easy File Sharing Web Server 7.2. The flaw occurs when adding a new user account, allowing local attackers to execute arbitrary code by crafting a malicious username containing 4059 bytes of padding followed by an nseh value and SEH pointer to trigger the overflow. It is classified under CWE-787 (Out-of-bounds Write) with a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Local attackers with access to the affected system can exploit this vulnerability without requiring privileges (PR:N) or user interaction (UI:N). Successful exploitation enables arbitrary code execution, granting high-impact confidentiality, integrity, and availability compromises on the target system.

Details on the vulnerability, including exploit code, are documented in references such as https://www.exploit-db.com/exploits/47411 and https://www.vulncheck.com/advisories/easy-file-sharing-web-server-local-seh-overflow. No patch or mitigation details are specified in the CVE description.

EU & UK References

Vulnerability details

Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. Attackers can craft a username with a payload containing 4059 bytes of…

more

padding followed by a nseh value and seh pointer to trigger the overflow when adding a new user account.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local SEH buffer overflow enabling arbitrary code execution on the target system directly facilitates exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2016-20044Shared CWE-787
CVE-2026-23326Shared CWE-787
CVE-2024-43077Shared CWE-787
CVE-2024-53697Shared CWE-787
CVE-2025-20890Shared CWE-787
CVE-2026-23073Shared CWE-787
CVE-2025-20708Shared CWE-787
CVE-2025-1471Shared CWE-787
CVE-2024-35273Shared CWE-787
CVE-2022-49062Shared CWE-787

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-2 requires timely identification, reporting, and correction of system flaws like this buffer overflow vulnerability, directly eliminating the root cause by patching or replacing the affected software.

prevent

SI-10 mandates validation of information inputs such as usernames to ensure they are within expected lengths and formats, preventing the buffer overflow triggered by oversized malicious payloads.

prevent

SI-16 implements memory protections like DEP and ASLR that thwart exploitation of SEH buffer overflows by preventing arbitrary code execution from overwritten exception handlers.

References