Cyber Resilience

CVE-2019-25633

HighPublic PoC

Published: 24 March 2026

Published
24 March 2026
Modified
26 March 2026
KEV Added
Patch
CVSS Score v4 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0026 16.8th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2019-25633 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Aida64 Aida64. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 16.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2019-25633 is a structured exception handling buffer overflow vulnerability in AIDA64 Extreme version 5.99.4900. The flaw resides in the email preferences and report wizard interfaces, where insufficient bounds checking on user-supplied input leads to a buffer overflow condition, classified under CWE-787 (Out-of-bounds Write). It carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Local attackers can exploit this vulnerability without requiring privileges or user interaction by injecting crafted payloads into the Display name field or Load from file parameter. Successful exploitation triggers the SEH overflow, enabling arbitrary code execution in the context of the application with its privileges.

References include an Exploit-DB entry (46636) demonstrating the issue, a Vulncheck advisory detailing the SEH buffer overflow via egghunter technique, the official AIDA64 website, and a download link for the vulnerable AIDA64 Extreme 5.99.4900 executable. Security practitioners should review these for exploit details and verify patching by upgrading to later versions.

EU & UK References

Vulnerability details

AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email preferences and report wizard interfaces. Attackers can inject crafted payloads into the Display name…

more

field and Load from file parameter to trigger the overflow and execute shellcode with application privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Local SEH buffer overflow enables arbitrary code execution in a client application (AIDA64), directly mapping to exploitation for client execution.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2019-25629Same product: Aida64 Aida64
CVE-2019-25631Same product: Aida64 Aida64
CVE-2019-25360Same product: Aida64 Aida64
CVE-2019-25705Shared CWE-787
CVE-2026-0538Shared CWE-787
CVE-2016-20046Shared CWE-787
CVE-2019-25628Shared CWE-787
CVE-2019-25695Shared CWE-787
CVE-2018-25218Shared CWE-787
CVE-2026-42484Shared CWE-787

Affected Assets

aida64
aida64
5.99.4900

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation directly mitigates this CVE by applying vendor patches to fix the buffer overflow vulnerability in AIDA64 Extreme.

prevent

Memory protection safeguards such as DEP and ASLR prevent arbitrary code execution from SEH buffer overflows triggered by crafted inputs.

prevent

Information input validation enforces bounds checking on user-supplied inputs like Display name and Load from file parameters to mitigate the out-of-bounds write.

References