Cyber Resilience

CVE-2019-25626

High · Public PoC

Published: 24 March 2026

Modified: 27 April 2026
KEV Added
Patch
CVSS Score v4: 8.6 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0024 (15.1th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2019-25626 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in River Past Cam Do (vendor: River Past Cam Do Project). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 15.1th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2019-25626 is a local buffer overflow vulnerability in River Past Cam Do version 3.7.6, specifically within the activation code input field. The flaw occurs when the activation dialog processes a malicious activation code string, enabling local attackers to execute arbitrary code. Attackers can craft an input buffer consisting of 608 bytes of junk data followed by shellcode and SEH chain overwrite values to trigger the overflow and achieve code execution.

Local attackers can exploit this vulnerability with low attack complexity, requiring only local access (AV:L), no privileges (PR:N), and no user interaction (UI:N). Successful exploitation results in high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), allowing arbitrary code execution on the affected system, as reflected in its CVSS v3.1 base score of 8.4.

References include an Exploit-DB entry (46670) detailing a proof-of-concept exploit, a VulnCheck advisory on the buffer overflow in the activation code, and other sources like flexhex.com. No specific patches or mitigations are detailed in the provided information.


Vulnerability details

River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows local attackers to execute arbitrary code by supplying a malicious activation code string. Attackers can craft a buffer containing 608 bytes of junk data followed by shellcode and SEH chain overwrite values to trigger code execution when the activation dialog processes the input.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local buffer overflow in activation input directly enables arbitrary code execution with no privileges required, mapping to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2018-25258 (shared CWE-434)
CVE-2019-25627 (shared CWE-434)
CVE-2025-34329 (shared CWE-434)
CVE-2025-34195 (shared CWE-434)
CVE-2024-44598 (shared CWE-434)
CVE-2025-20354 (shared CWE-434)
CVE-2025-12153 (shared CWE-434)
CVE-2025-13066 (shared CWE-434)
CVE-2025-60947 (shared CWE-434)
CVE-2025-63601 (shared CWE-434)

Affected Assets

Vendor: river past cam do project
Product: river past cam do
Versions: ≤ 3.7.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly validates the activation code input for length and content to prevent buffer overflows from malicious strings.

Prevent: Implements memory safeguards like DEP, ASLR, and stack canaries to block arbitrary code execution from SEH chain overwrites in buffer overflows.

Prevent: Requires timely identification, reporting, and patching of the buffer overflow flaw in the activation code processing.
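
A defender-side check for the memory-protection control above, added here as an example (it is not code from this page or from the vendor): it reads the DllCharacteristics field of a Windows PE image and reports which of DEP, ASLR and CFG the binary does not opt in to. The function names and the sample header are constructed for illustration; in practice, pass the bytes of the installed executable.

```python
import struct

# DllCharacteristics bits defined in the PE/COFF specification.
FLAGS = {
    "ASLR (DYNAMICBASE)": 0x0040,
    "DEP (NXCOMPAT)": 0x0100,
    "CFG (GUARD_CF)": 0x4000,
}
# SafeSEH is recorded in the load-config directory, not in this field,
# so it is out of scope for this check.

def pe_mitigations(data: bytes) -> dict:
    """Return {mitigation name: bool} from a PE image's DllCharacteristics."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt_off = pe_off + 4 + 20                               # signature + COFF header
    if len(data) < opt_off + 72:
        raise ValueError("optional header truncated")
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 4 + 16)
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if opt_size < 72 or magic not in (0x10B, 0x20B):        # PE32 / PE32+
        raise ValueError("unsupported optional header")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (chars,) = struct.unpack_from("<H", data, opt_off + 70)
    return {name: bool(chars & bit) for name, bit in FLAGS.items()}

def missing_mitigations(data: bytes) -> list:
    """Names of the mitigations the image does not opt in to."""
    return [name for name, on in pe_mitigations(data).items() if not on]

def build_sample_pe(dll_characteristics: int) -> bytes:
    """Constructed minimal PE32 header for the demo; not a real product binary."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, 0x0102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for label, flags in (("legacy build", 0x0000), ("hardened build", 0x4140)):
        print(label, "missing:", missing_mitigations(build_sample_pe(flags)))
```

An image that reports DEP as missing leaves stack-resident shellcode executable unless DEP is enforced system-wide by OS policy.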
