Cyber Resilience

CVE-2019-25611

HighPublic PoC

Published: 22 March 2026

Published
22 March 2026
Modified
16 April 2026
KEV Added
Patch
CVSS Score v4 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0015 4.5th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2019-25611 is a high-severity Out-of-bounds Write (CWE-787) vulnerability. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2019-25611 is a buffer overflow vulnerability (CWE-787) in the parseconf_load_setting function of MiniFtp. The flaw affects the MiniFtp software, which processes configuration files, where oversized values exceeding 128 bytes trigger a stack buffer overflow.

Local attackers can exploit this vulnerability with low complexity and no privileges required (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, score 8.4). By crafting a malicious miniftpd.conf file with oversized configuration values, attackers overflow stack buffers and overwrite the return address, enabling arbitrary code execution with root privileges.

Advisories and references, including the Vulncheck advisory on the parseconf_load_setting buffer overflow via configuration, an Exploit-DB entry (46807) demonstrating exploitation, and the MiniFtp GitHub repository, provide further technical details but do not specify patches or mitigations in the available information.

EU & UK References

Vulnerability details

MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite…

more

the return address, enabling code execution with root privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Buffer overflow via malicious config file enables local arbitrary code execution for root privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2016-20044Shared CWE-787
CVE-2026-23326Shared CWE-787
CVE-2024-43077Shared CWE-787
CVE-2024-53697Shared CWE-787
CVE-2025-20890Shared CWE-787
CVE-2026-23073Shared CWE-787
CVE-2025-20708Shared CWE-787
CVE-2025-1471Shared CWE-787
CVE-2024-35273Shared CWE-787
CVE-2022-49062Shared CWE-787

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of configuration file inputs to prevent buffer overflows from oversized values exceeding 128 bytes in parseconf_load_setting.

prevent

Implements memory protections such as stack canaries, ASLR, and non-executable stacks to mitigate exploitation of the stack buffer overflow leading to return address overwrite.

prevent

Mandates identification, reporting, and correction of the specific buffer overflow flaw in MiniFtp, including patching or replacing the vulnerable software.

References