CVE-2019-25609
Published: 22 March 2026
Summary
CVE-2019-25609 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Jetaudio (inferred from references). Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 8.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
JetAudio jetCast Server 2.0 is affected by CVE-2019-25609, a stack-based buffer overflow vulnerability in the Log Directory configuration field. This flaw allows local attackers to overwrite structured exception handling (SEH) pointers. It is classified under CWE-787 (Out-of-bounds Write) with a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts from a local, unauthenticated attack.
Local attackers can exploit this vulnerability by injecting alphanumeric encoded shellcode through the Log Directory field, triggering an SEH exception handler overwrite. Successful exploitation enables execution of arbitrary code with the privileges of the running application, potentially leading to full system compromise if the server operates with elevated permissions.
Advisories and related resources include a vulnerability advisory from VulnCheck detailing the local SEH buffer overflow and a public proof-of-concept exploit on Exploit-DB (ID 46854). Vendor pages for JetAudio and jetCast Server 2.0 downloads are available, but no specific patches or mitigations are detailed in the provided references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-19959
Vulnerability details
JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger an…
more
SEH exception handler and execute arbitrary code with application privileges.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local stack-based buffer overflow with SEH overwrite directly enables arbitrary code execution, mapping to exploitation for privilege escalation (T1068) when the process runs with elevated rights.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the stack-based buffer overflow vulnerability in the Log Directory field by requiring identification, reporting, and correction of the specific flaw.
Requires validation of information inputs to the Log Directory configuration field to block malicious alphanumeric shellcode that triggers the SEH overwrite.
Implements memory safeguards such as DEP and ASLR to prevent unauthorized code execution from SEH pointer overwrites and shellcode injection.