CVE-2019-25634

Severity: High · Public PoC · Updated

Published: 24 March 2026
Modified: 03 June 2026
CVSS v4 score: 8.6 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0026 (17.4th percentile)
Risk priority: 55 (floored blend · peak EPSS)

Summary

CVE-2019-25634 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in 4Mhz Base64 Decoder. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 17.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog, but a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2019-25634 is a stack-based buffer overflow vulnerability in Base64 Decoder version 1.1.2, classified under CWE-787 (Out-of-bounds Write). The flaw enables local attackers to execute arbitrary code through a structured exception handler (SEH) overwrite. When the tool processes a specially crafted input file, the overflow corrupts the SEH chain, allowing control flow hijacking via a POP-POP-RET gadget address, followed by an egghunter payload to locate and execute shellcode. The vulnerability carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.

Local attackers with access to the system running Base64 Decoder 1.1.2 can exploit this vulnerability without privileges or user interaction. Exploitation involves crafting an input file that triggers the buffer overflow during decoding, overwriting the SEH record to redirect execution to a ROP gadget, and using an egghunter technique to bypass size limitations and execute shellcode, resulting in full arbitrary code execution on the target system.

Advisories and references, including a proof-of-concept exploit on Exploit-DB (46625) and a VulnCheck advisory, detail the SEH-based exploitation but do not specify patches or vendor mitigations for this standalone tool. The official site (4mhz.de) provides the vulnerable version download, highlighting the need for practitioners to avoid using Base64 Decoder 1.1.2 or implement input validation and ASLR/DEP where possible. A public exploit confirms practical exploitability in controlled environments.


Vulnerability details

Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH chain with a POP-POP-RET gadget address, and uses an egghunter payload to locate and execute shellcode for code execution.

CWE(s)

CWE-787 (Out-of-bounds Write)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1204.002 Malicious File (tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

The local stack buffer overflow enables arbitrary code execution via a crafted malicious input file (T1204.002) and directly supports local exploitation for privilege escalation to achieve code execution (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-57955 (shared CWE-787)
CVE-2024-54523 (shared CWE-787)
CVE-2016-20044 (shared CWE-787)
CVE-2026-33144 (shared CWE-787)
CVE-2026-23326 (shared CWE-787)
CVE-2024-43077 (shared CWE-787)
CVE-2024-53697 (shared CWE-787)
CVE-2025-20890 (shared CWE-787)
CVE-2025-24451 (shared CWE-787)
CVE-2026-23073 (shared CWE-787)

Affected Assets

Vendor: 4mhz
Product: base64 decoder
Version: 1.1.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Validates and sanitizes input files to prevent buffer overflows from maliciously crafted Base64 inputs that trigger SEH overwrite.

Prevent: Implements memory protections such as ASLR, DEP, and stack canaries to block SEH chain corruption, ROP gadgets like POP-POP-RET, and egghunter payload execution.

Prevent: Requires timely patching or removal of vulnerable software like Base64 Decoder 1.1.2 to eliminate the exploitable stack-based buffer overflow.
