CVE-2019-25631
Published: 24 March 2026
Summary
CVE-2019-25631 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Aida64 Aida64. Its CVSS base score is 8.4 (High).
Operationally, ranked at the 0.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 requires timely flaw remediation, directly preventing exploitation of the known SEH buffer overflow in AIDA64 Business by applying vendor patches.
SI-16 implements memory protection mechanisms like DEP and ASLR that mitigate SEH pointer overwrites and buffer overflow exploits.
SI-10 enforces validation of information inputs such as the SMTP display name field, preventing the buffer overflow triggered by malicious shellcode injection.
NVD Description
AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious shellcode. Attackers can inject egg hunter shellcode through the SMTP display name field in preferences…
more
or report wizard functionality to trigger the overflow and execute code with application privileges.
Deeper analysisAI
CVE-2019-25631 is a structured exception handling (SEH) buffer overflow vulnerability in AIDA64 Business version 5.99.4900. The flaw, classified under CWE-787, enables local attackers to overwrite SEH pointers with malicious shellcode, leading to arbitrary code execution. Attackers can inject egg hunter shellcode specifically through the SMTP display name field in the application's preferences or report wizard functionality to trigger the overflow.
The vulnerability has a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating a local attack vector with low complexity, no required privileges, and no user interaction. Local attackers can exploit it to execute code with the privileges of the AIDA64 Business application, potentially compromising confidentiality, integrity, and availability at a high level.
Advisories and resources for this vulnerability are available at the vendor's website (https://www.aida64.com and https://www.aida64.com/downloads), an Exploit-DB entry with a proof-of-concept (https://www.exploit-db.com/exploits/46639), and a VulnCheck advisory detailing the SEH buffer overflow via egghunter (https://www.vulncheck.com/advisories/aida64-business-seh-buffer-overflow-via-egghunter). The CVE was published on 2026-03-24.
Details
- CWE(s)