CVE-2019-25626
Published: 24 March 2026
Summary
CVE-2019-25626 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in River Past Cam Do Project River Past Cam Do. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 15.1th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2019-25626 is a local buffer overflow vulnerability in River Past Cam Do version 3.7.6, specifically within the activation code input field. The flaw occurs when the activation dialog processes a malicious activation code string, enabling local attackers to execute arbitrary code. Attackers can craft an input buffer consisting of 608 bytes of junk data followed by shellcode and SEH chain overwrite values to trigger the overflow and achieve code execution.
Local attackers can exploit this vulnerability with low attack complexity, requiring only local access (AV:L), no privileges (PR:N), and no user interaction (UI:N). Successful exploitation results in high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), allowing arbitrary code execution on the affected system, as reflected in its CVSS v3.1 base score of 8.4.
References include an Exploit-DB entry (46670) detailing a proof-of-concept exploit, a VulnCheck advisory on the buffer overflow in the activation code, and other sources such as flexhex.com. No specific patches or mitigations are detailed in the provided information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-19992
Vulnerability details
River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows local attackers to execute arbitrary code by supplying a malicious activation code string. Attackers can craft a buffer containing 608 bytes of junk data followed by shellcode and SEH chain overwrite values to trigger code execution when the activation dialog processes the input.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local buffer overflow in activation input directly enables arbitrary code execution with no privileges required, mapping to exploitation for privilege escalation.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly validates the activation code input for length and content to prevent buffer overflows from malicious strings.
Implements memory safeguards like DEP, ASLR, and stack canaries to block arbitrary code execution from SEH chain overwrites in buffer overflows.
Requires timely identification, reporting, and patching of the buffer overflow flaw in the activation code processing.
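The input-validation control above, sketched in C as an added example; it is not code from River Past Cam Do or from the referenced advisories. The 64-character limit, the allowed character set and every identifier are assumptions, because the page does not document the activation code format.

```c
#include <stddef.h>
#include <string.h>

#define ACT_CODE_MAX 64  /* assumed maximum code length (hypothetical) */

enum act_status { ACT_OK = 0, ACT_BAD_ARG, ACT_EMPTY, ACT_TOO_LONG, ACT_BAD_CHAR };

/* Assumed alphabet: ASCII letters, digits and '-'. Locale-independent. */
static int act_char_ok(unsigned char c)
{
    return (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
           (c >= 'a' && c <= 'z') || c == '-';
}

/*
 * Validate untrusted dialog text, then copy it into a fixed-size buffer.
 * src/src_len: raw bytes from the input field (not assumed NUL-terminated).
 * dst/dst_size: destination; left as an empty string on any rejection.
 */
enum act_status act_code_accept(const char *src, size_t src_len,
                                char *dst, size_t dst_size)
{
    if (dst == NULL || dst_size == 0)
        return ACT_BAD_ARG;
    dst[0] = '\0';
    if (src == NULL || src_len == 0)
        return ACT_EMPTY;
    /* Length is checked against both the policy limit and the real
     * buffer size before a single byte is copied. */
    if (src_len > ACT_CODE_MAX || src_len >= dst_size)
        return ACT_TOO_LONG;
    /* Content check: any byte outside the alphabet rejects the input. */
    for (size_t i = 0; i < src_len; i++)
        if (!act_char_ok((unsigned char)src[i]))
            return ACT_BAD_CHAR;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return ACT_OK;
}

int main(void)
{
    char code[ACT_CODE_MAX + 1];
    char oversized[700];                 /* constructed sample input */
    memset(oversized, 'A', sizeof oversized);
    return act_code_accept(oversized, sizeof oversized, code, sizeof code)
               == ACT_TOO_LONG ? 0 : 1;
}
```

Validation of this kind complements the memory-protection control rather than replacing it, since it only covers the one input path it is applied to.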