Cyber Resilience

CVE-2019-25615

HighPublic PoC

Published: 22 March 2026

Published
22 March 2026
Modified
16 April 2026
KEV Added
Patch
CVSS Score v4 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0019 8.6th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2019-25615 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Jaleco (inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 8.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2019-25615 is a structured exception handling (SEH) buffer overflow vulnerability in Lavavo CD Ripper version 4.20. The issue arises when a malicious string is supplied in the License Activation Name field, enabling local attackers to execute arbitrary code through a crafted payload that includes controlled buffer data, NSEH jump instructions, and SEH handler addresses. It is classified under CWE-787 (Out-of-bounds Write) with a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Local attackers can exploit this vulnerability on systems running the affected software. No privileges or user interaction are required, allowing unauthenticated local users to trigger the overflow and achieve remote code execution, such as establishing a bind shell on port 3110.

Advisories and related resources include a VulnCheck advisory at https://www.vulncheck.com/advisories/lavavo-cd-ripper-local-seh-buffer-overflow, an Exploit-DB entry at https://www.exploit-db.com/exploits/46755, and vendor-related sites at https://www.lavavosoftware.com and https://lavavo-cd-ripper.jaleco.com/download. The CVE was published on 2026-03-22T14:16:30.117, with no patch or mitigation details specified in the description.

EU & UK References

Vulnerability details

Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Activation Name field. Attackers can craft a payload with controlled buffer…

more

data, NSEH jump instructions, and SEH handler addresses to trigger code execution and establish a bind shell on port 3110.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local SEH buffer overflow enabling unauthenticated arbitrary code execution directly maps to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2016-20044Shared CWE-787
CVE-2026-23326Shared CWE-787
CVE-2024-43077Shared CWE-787
CVE-2024-53697Shared CWE-787
CVE-2025-20890Shared CWE-787
CVE-2026-23073Shared CWE-787
CVE-2025-20708Shared CWE-787
CVE-2025-1471Shared CWE-787
CVE-2024-35273Shared CWE-787
CVE-2022-49062Shared CWE-787

Affected Assets

Jaleco
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-2 directly remediates the SEH buffer overflow flaw in Lavavo CD Ripper by identifying, reporting, and correcting the vulnerability through patching or removal.

prevent

SI-10 prevents the buffer overflow by enforcing validation of malicious strings supplied to the License Activation Name field.

prevent

SI-16 mitigates exploitation of the SEH buffer overflow using memory protections such as DEP, ASLR, and stack canaries.

References