Cyber Resilience

CVE-2019-25629

HighPublic PoC

Published: 24 March 2026

Published
24 March 2026
Modified
27 March 2026
KEV Added
Patch
CVSS Score v4 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0022 11.9th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2019-25629 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Aida64 Aida64. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 11.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

AIDA64 Extreme version 5.99.4900 contains a structured exception handler buffer overflow vulnerability in its logging functionality, tracked as CVE-2019-25629 and mapped to CWE-787 (Out-of-bounds Write). This flaw affects the application's processing of CSV log file paths, particularly through the Hardware Monitoring logging preferences, where insufficient bounds checking allows buffer overflows.

Local attackers can exploit this vulnerability with low complexity and no user interaction or privileges required, as indicated by its CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). By supplying a malicious CSV log file path containing injected shellcode, an attacker triggers the overflow during log file path processing, enabling arbitrary code execution with high impacts on confidentiality, integrity, and availability.

Advisories and related resources include a Vulncheck advisory detailing the SEH buffer overflow via logging at https://www.vulncheck.com/advisories/aida64-extreme-seh-buffer-overflow-via-logging, an Exploit-DB proof-of-concept at https://www.exploit-db.com/exploits/46660, the vendor site at https://www.aida64.com, and a download link for the affected version at http://download.aida64.com/aida64extreme599.exe. Security practitioners should review these for mitigation guidance and updates, as no patch details are specified in the CVE description. A public exploit underscores the need for immediate upgrades where possible.

EU & UK References

Vulnerability details

AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicious CSV log file path. Attackers can inject shellcode through the Hardware Monitoring logging…

more

preferences to overflow the buffer and trigger code execution when the application processes the log file path.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Local SEH buffer overflow in client application directly enables arbitrary code execution via malicious input (CSV path), mapping to Exploitation for Client Execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2019-25633Same product: Aida64 Aida64
CVE-2019-25631Same product: Aida64 Aida64
CVE-2019-25360Same product: Aida64 Aida64
CVE-2019-25705Shared CWE-787
CVE-2026-0538Shared CWE-787
CVE-2016-20046Shared CWE-787
CVE-2019-25628Shared CWE-787
CVE-2019-25695Shared CWE-787
CVE-2018-25218Shared CWE-787
CVE-2026-42484Shared CWE-787

Affected Assets

aida64
aida64
5.99.4900

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

preventrecover

Flaw remediation directly addresses the buffer overflow vulnerability in AIDA64 Extreme by requiring timely patching or removal of the affected software version.

prevent

Information input validation enforces bounds checking on CSV log file paths in the logging functionality, preventing the out-of-bounds write and shellcode injection.

prevent

Memory protection mechanisms such as DEP and ASLR mitigate arbitrary code execution from the SEH buffer overflow even if the input validation flaw exists.

References