Cyber Resilience

CVE-2019-25631

Severity: High · Public PoC

Published: 24 March 2026
Modified: 27 March 2026
KEV Added: not listed
Patch: none referenced
CVSS v4.0: 8.6 (High) CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.0026 (16.8th percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2019-25631 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in AIDA64 Business (CPE vendor and product: aida64). Its CVSS v4.0 base score is 8.6 (High); the v3.1 base score is 8.4.

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). EPSS places the vulnerability at the 16.8th percentile for exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced (Exploit-DB 46639).

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2019-25631 is a structured exception handling (SEH) buffer overflow in AIDA64 Business 5.99.4900, classified as CWE-787 (Out-of-bounds Write). An over-long value entered in the SMTP display name field, reachable through the application's preferences and through the report wizard, is copied past the end of a fixed-size stack buffer and overwrites the SEH registration record stored above it. When an exception is subsequently raised, the exception dispatcher calls the attacker-controlled handler address, which redirects execution into the injected data. Because the space available at the overwrite point is limited, the public exploit uses an egg hunter: a short stager that scans process memory for a tagged, larger payload and jumps to it, giving arbitrary code execution in the context of the AIDA64 process. The input is supplied through the local GUI, so the code runs as whichever user launched AIDA64; it is an elevation only where that process runs with higher privileges than the attacker's own session.
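The bug class described above, modelled as an added C example that is neither AIDA64 code nor the public PoC: a fixed-size display-name buffer sits directly below a 32-bit SEH registration record, an unbounded copy of the field reaches the record while a length-checked copy cannot, and the last function shows in plain C the search an egg hunter performs. The 64-byte field size, the handler address 0x00401000, the "w00t" tag and the constructed inputs are assumptions for illustration, not values taken from AIDA64.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed illustrative values; the page gives neither AIDA64's buffer size
 * nor its handler address. */
#define NAME_FIELD     64u
#define SEH_CHAIN_END  0xFFFFFFFFu   /* Next pointer of the last SEH record */
#define ORIG_HANDLER   0x00401000u   /* stand-in for the legitimate handler */

/* 32-bit EXCEPTION_REGISTRATION_RECORD as it lies on the stack. */
struct seh_record {
    uint32_t next;     /* next record in the chain */
    uint32_t handler;  /* called by the dispatcher when an exception fires */
};

/* Simulated frame: the name buffer sits directly below the record, so bytes
 * written past NAME_FIELD land in `seh` (sizeof == 72, no padding). */
struct frame {
    char name[NAME_FIELD];
    struct seh_record seh;
};

/* Vulnerable pattern: no length check. The copy is clamped to the frame so
 * the model stays well-defined C, but nothing keeps it out of `seh`. */
void set_display_name_unsafe(struct frame *f, const char *name, size_t len) {
    if (len > sizeof *f) len = sizeof *f;
    memcpy((unsigned char *)f, name, len);
}

/* Hardened form: reject anything that does not fit with its terminator.
 * Returns 0 on success, -1 on rejection; `seh` is unreachable either way. */
int set_display_name_safe(struct frame *f, const char *name, size_t len) {
    if (len >= NAME_FIELD) return -1;
    memcpy(f->name, name, len);
    f->name[len] = '\0';
    return 0;
}

/* 1 if the record no longer holds its original chain-end and handler values. */
int seh_record_corrupted(const struct frame *f) {
    return f->seh.next != SEH_CHAIN_END || f->seh.handler != ORIG_HANDLER;
}

/* What an egg hunter does, in C instead of shellcode: find the 4-byte tag
 * repeated twice and return the offset of the payload behind it, or -1.
 * Only this small search has to fit beside the overwritten record. */
long find_egg(const uint8_t *mem, size_t len, const char tag[4]) {
    for (size_t i = 0; i + 8 <= len; i++)
        if (memcmp(mem + i, tag, 4) == 0 && memcmp(mem + i + 4, tag, 4) == 0)
            return (long)(i + 8);
    return -1;
}

/* Constructed attacker input: 64 filler bytes, 'BBBB' over Next, 'CCCC'
 * over the handler address, as a PoC would place them in the display name. */
static void build_evil_name(char out[sizeof(struct frame)]) {
    memset(out, 'A', NAME_FIELD);
    memset(out + NAME_FIELD, 'B', 4);
    memset(out + NAME_FIELD + 4, 'C', 4);
}

/* Unbounded copy of the constructed input; returns the resulting frame. */
struct frame run_unsafe_demo(void) {
    char evil[sizeof(struct frame)];
    struct frame f = { {0}, { SEH_CHAIN_END, ORIG_HANDLER } };
    build_evil_name(evil);
    set_display_name_unsafe(&f, evil, sizeof evil);
    return f;
}

/* 1 if the bounded copy rejects the same input and leaves the record intact. */
int run_safe_demo(void) {
    char evil[sizeof(struct frame)];
    struct frame f = { {0}, { SEH_CHAIN_END, ORIG_HANDLER } };
    build_evil_name(evil);
    return set_display_name_safe(&f, evil, sizeof evil) == -1 &&
           !seh_record_corrupted(&f);
}

/* Constructed "process memory": zeros, the doubled tag at offset 20, then
 * stand-in payload bytes (0xCC). Returns the offset the hunter lands on. */
long run_egg_demo(void) {
    uint8_t mem[64] = {0};
    memcpy(mem + 20, "w00tw00t", 8);
    memset(mem + 28, 0xCC, 4);
    return find_egg(mem, sizeof mem, "w00t");
}

int main(void) {
    struct frame f = run_unsafe_demo();
    printf("unsafe: next=%08" PRIx32 " handler=%08" PRIx32 " corrupted=%d\n",
           f.seh.next, f.seh.handler, seh_record_corrupted(&f));
    printf("safe rejects: %d, egg offset: %ld\n", run_safe_demo(), run_egg_demo());
    return 0;
}
```

After the unbounded copy the record's Next field reads 0x42424242 and its handler 0x43434343, which is what an attacker aims for: the handler address is called on the next exception. The bounded variant refuses the same input and the record is untouched, which is the fix SI-10 describes at the code level.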

The CVSS v3.1 base score is 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H): local attack vector, low complexity, no privileges and no user interaction required, with high impact on confidentiality, integrity and availability. Injected code runs with the privileges of the AIDA64 Business process, so on a workstation where AIDA64 runs as the logged-on user the result is code execution as that user; where AIDA64 runs with higher rights than the attacker's session, it is a privilege escalation.

Advisories and resources for this vulnerability are available at the vendor's website (https://www.aida64.com and https://www.aida64.com/downloads), an Exploit-DB entry with a proof-of-concept (https://www.exploit-db.com/exploits/46639), and a VulnCheck advisory detailing the SEH buffer overflow via egghunter (https://www.vulncheck.com/advisories/aida64-business-seh-buffer-overflow-via-egghunter). The CVE was published on 2026-03-24.


Vulnerability details

AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious shellcode. Attackers can inject egg hunter shellcode through the SMTP display name field in preferences or report wizard functionality to trigger the overflow and execute code with application privileges.

CWE(s)

CWE-787 Out-of-bounds Write

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

A local SEH buffer overflow that yields arbitrary code execution through injected shellcode maps directly to exploitation of a software vulnerability for code execution in the context of the running application. The escalation is relative to the AIDA64 process: the attacker gains whatever privileges that process holds, which exceed the attacker's own only when AIDA64 runs elevated.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2019-25633 (same product: aida64)
CVE-2019-25629 (same product: aida64)
CVE-2019-25360 (same product: aida64)
CVE-2016-20044 (shared CWE-787)
CVE-2026-23326 (shared CWE-787)
CVE-2024-43077 (shared CWE-787)
CVE-2024-53697 (shared CWE-787)
CVE-2025-20890 (shared CWE-787)
CVE-2026-23073 (shared CWE-787)
CVE-2025-20708 (shared CWE-787)

Affected Assets

Vendor: aida64
Product: aida64
Version: 5.99.4900

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

SI-2 Flaw Remediation (prevent): upgrade affected AIDA64 Business 5.99.4900 installations to a current release from the vendor downloads page. This page references no specific fixed version, so verify in inventory that the installed build is later than 5.99.4900 rather than relying on a patch record.

SI-16 Memory Protection (prevent): DEP (NX) stops the bytes written into the display-name buffer and the egg hunter's payload from executing as code, ASLR makes the address the overwritten handler must point at unpredictable, and SEHOP validates the exception-registration chain before any handler is called, so a record whose Next pointer has been overwritten is rejected instead of dispatched. These mitigations can be combined or bypassed individually, so they complement rather than replace the upgrade. The classic SEH overwrite applies to 32-bit x86 processes; 64-bit Windows binaries use table-based exception handling and are not exploitable this way.
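How SEHOP-style chain validation defeats the overwrite, as an added C model that is not Windows code and not from this page: exception-registration records live in a simulated 32-bit stack, a walk from the innermost record must reach a terminating record whose Next is 0xFFFFFFFF and whose handler is the expected final handler, and the attacker bytes the overflow leaves in Next break that walk. The 4 KiB simulated stack at 0x00100000, the final-handler address 0x77E00000 and the per-record handler addresses are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: a 4 KiB simulated 32-bit stack at SIM_BASE; FINAL_HANDLER
 * stands in for the ntdll handler SEHOP expects to terminate every chain. */
#define SIM_BASE       0x00100000u
#define SIM_SIZE       4096u
#define CHAIN_END      0xFFFFFFFFu
#define FINAL_HANDLER  0x77E00000u
#define MAX_RECORDS    64

struct seh_record { uint32_t next; uint32_t handler; };

/* Fetches the record at a simulated address; 0 if it is unmapped or not
 * 4-byte aligned, i.e. a pointer the dispatcher cannot safely follow. */
static int read_record(const uint8_t *stack, uint32_t addr, struct seh_record *out) {
    if (addr < SIM_BASE || addr % 4 != 0) return 0;
    uint32_t off = addr - SIM_BASE;
    if (off + sizeof *out > SIM_SIZE) return 0;
    memcpy(out, stack + off, sizeof *out);
    return 1;
}

static void write_record(uint8_t *stack, uint32_t addr, uint32_t next, uint32_t handler) {
    struct seh_record r = { next, handler };
    memcpy(stack + (addr - SIM_BASE), &r, sizeof r);
}

/* SEHOP-style validation, run before any handler is called: walk from the
 * thread's first record, require every hop to land on a mapped, aligned
 * record higher up the stack, and require the walk to end at a record whose
 * Next is 0xFFFFFFFF and whose handler is the final handler. A classic
 * overwrite replaces Next with payload bytes, so the walk fails and the
 * dispatcher never calls the attacker's handler. Returns 1 if valid. */
int seh_chain_valid(const uint8_t *stack, uint32_t head) {
    struct seh_record r;
    uint32_t cur = head;
    for (int hops = 0; hops < MAX_RECORDS; hops++) {
        if (!read_record(stack, cur, &r)) return 0;
        if (r.next == CHAIN_END) return r.handler == FINAL_HANDLER;
        if (r.next <= cur) return 0;   /* older frames live at higher addresses */
        cur = r.next;
    }
    return 0;                          /* too many hops: treat as a loop */
}

/* Builds an intact three-record chain and returns the head address. */
uint32_t build_chain(uint8_t *stack) {
    memset(stack, 0, SIM_SIZE);
    write_record(stack, SIM_BASE + 0x100, SIM_BASE + 0x400, 0x00401000u);
    write_record(stack, SIM_BASE + 0x400, SIM_BASE + 0xF00, 0x00402000u);
    write_record(stack, SIM_BASE + 0xF00, CHAIN_END, FINAL_HANDLER);
    return SIM_BASE + 0x100;
}

/* The overflow's effect on the innermost record: Next and handler become
 * attacker bytes. Without chain validation the dispatcher would call
 * 0x43434343; with it the chain no longer reaches the final handler. */
void overwrite_head(uint8_t *stack, uint32_t head) {
    write_record(stack, head, 0x42424242u, 0x43434343u);
}

/* Builds the chain, optionally applies the overwrite, and returns the
 * validation result: 1 for the intact chain, 0 once it is corrupted. */
int chain_valid_after(int do_overwrite) {
    static uint8_t stack[SIM_SIZE];
    uint32_t head = build_chain(stack);
    if (do_overwrite) overwrite_head(stack, head);
    return seh_chain_valid(stack, head);
}

int main(void) {
    printf("intact chain valid: %d\n", chain_valid_after(0));
    printf("after overwrite valid: %d\n", chain_valid_after(1));
    return 0;
}
```

The corrupted Next value 0x42424242 fails the alignment check and lies outside the simulated stack, so the walk aborts before the attacker's handler is ever considered; real SEHOP fails the chain for the same reasons, which is why an exploit of this shape needs either SEHOP disabled or a forged chain that terminates correctly.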

SI-10 Information Input Validation (prevent): bounding the length of the SMTP display name field, and of the other preference and report-wizard inputs, before it is copied into the fixed-size buffer removes the overflow. This is a fix the vendor makes in the application; for deployed 5.99.4900 installations it translates into limiting who can edit AIDA64 preferences and run the report wizard until the upgrade is in place.
