CVE-2019-25627
Published: 24 March 2026
Summary
CVE-2019-25627 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in FlexHEX. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 16.9th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2019-25627 is a local buffer overflow vulnerability affecting FlexHEX version 2.71, specifically in the Stream Name field. The flaw enables local attackers to trigger a structured exception handler (SEH) overflow, allowing execution of arbitrary code. It is classified under CWE-434 and carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Local attackers can exploit this vulnerability by crafting a malicious text file with carefully aligned shellcode and SEH chain pointers, then pasting its contents into the Stream Name dialog. This action triggers the exception handler, enabling execution of arbitrary commands, such as calc.exe. The attack requires local access but no privileges or special user interaction beyond pasting the payload.
Advisories and references, including a VulnCheck advisory on the FlexHEX local buffer overflow via SEH Unicode and an Exploit-DB entry (46665), document the issue and provide exploit details. The FlexHEX website and download page are also referenced, though no specific patch or mitigation steps are outlined in the available information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-19994
Vulnerability details
FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overflow. Attackers can craft a malicious text file with carefully aligned shellcode and SEH chain pointers, paste the contents into the Stream Name dialog, and execute arbitrary commands like calc.exe when the exception handler is triggered.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local SEH buffer overflow enables arbitrary code execution by a local attacker with no privileges required.
Mitigating Controls (NIST 800-53 r5)
Remediates the buffer overflow vulnerability in FlexHEX's Stream Name field by applying patches or upgrades to eliminate the root cause.
Mitigates SEH overflow exploitation through memory protections such as DEP, ASLR, and stack canaries even if the flaw remains unpatched.
Prevents the buffer overflow by enforcing validation of malicious inputs pasted into the Stream Name dialog.