Cyber Resilience

CVE-2019-25609

High · Public PoC

Published: 22 March 2026

Modified: 16 April 2026
KEV Added
Patch
CVSS Score v4: 8.6 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0019 (8.2th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2019-25609 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Jetaudio (inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 8.2th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

JetAudio jetCast Server 2.0 is affected by CVE-2019-25609, a stack-based buffer overflow vulnerability in the Log Directory configuration field. This flaw allows local attackers to overwrite structured exception handling (SEH) pointers. It is classified under CWE-787 (Out-of-bounds Write) with a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts from a local, unauthenticated attack.

Local attackers can exploit this vulnerability by injecting alphanumeric encoded shellcode through the Log Directory field, triggering an SEH exception handler overwrite. Successful exploitation enables execution of arbitrary code with the privileges of the running application, potentially leading to full system compromise if the server operates with elevated permissions.

Advisories and related resources include a vulnerability advisory from VulnCheck detailing the local SEH buffer overflow and a public proof-of-concept exploit on Exploit-DB (ID 46854). Vendor pages for JetAudio and jetCast Server 2.0 downloads are available, but no specific patches or mitigations are detailed in the provided references.

EU & UK References

Vulnerability details

JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger an SEH exception handler and execute arbitrary code with application privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local stack-based buffer overflow with SEH overwrite directly enables arbitrary code execution, mapping to exploitation for privilege escalation (T1068) when the process runs with elevated rights.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2016-20044 · Shared CWE-787
CVE-2026-23326 · Shared CWE-787
CVE-2024-43077 · Shared CWE-787
CVE-2024-53697 · Shared CWE-787
CVE-2025-20890 · Shared CWE-787
CVE-2026-23073 · Shared CWE-787
CVE-2025-20708 · Shared CWE-787
CVE-2025-1471 · Shared CWE-787
CVE-2024-35273 · Shared CWE-787
CVE-2022-49062 · Shared CWE-787

Affected Assets

Jetaudio
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the stack-based buffer overflow vulnerability in the Log Directory field by requiring identification, reporting, and correction of the specific flaw.

prevent

Requires validation of information inputs to the Log Directory configuration field to block malicious alphanumeric shellcode that triggers the SEH overwrite.

prevent

Implements memory safeguards such as DEP and ASLR to prevent unauthorized code execution from SEH pointer overwrites and shellcode injection.

References