CVE-2019-25634
Published: 24 March 2026
Summary
CVE-2019-25634 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in 4Mhz Base64 Decoder. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 17.4th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2019-25634 is a stack-based buffer overflow vulnerability in Base64 Decoder version 1.1.2, classified under CWE-787 (Out-of-bounds Write). The flaw enables local attackers to execute arbitrary code through a structured exception handler (SEH) overwrite. A specially crafted input file triggers the buffer overflow, which corrupts the SEH chain and allows control flow to be hijacked via a POP-POP-RET gadget address; an egghunter payload then locates and executes the shellcode. The vulnerability carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.
Local attackers with access to the system running Base64 Decoder 1.1.2 can exploit this vulnerability without privileges or user interaction. Exploitation involves crafting an input file that triggers the buffer overflow during decoding, overwriting the SEH record to redirect execution to a ROP gadget, and using an egghunter technique to bypass size limitations and execute shellcode, resulting in full arbitrary code execution on the target system.
Advisories and references, including a proof-of-concept exploit on Exploit-DB (46625) and a VulnCheck advisory, detail the SEH-based exploitation but do not specify patches or vendor mitigations for this standalone tool. The official site (4mhz.de) provides the vulnerable version for download, so practitioners should avoid using Base64 Decoder 1.1.2 or apply input validation and ASLR/DEP where possible. A public exploit confirms practical exploitability in controlled environments.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-20008
Vulnerability details
Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH chain with a POP-POP-RET gadget address, and uses an egghunter payload to locate and execute shellcode for code execution.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local stack buffer overflow enables arbitrary code execution via crafted malicious input file (T1204.002) and directly supports local exploitation for privilege escalation to achieve code execution (T1068).
Mitigating Controls (NIST 800-53 r5)
Validates and sanitizes input files to prevent buffer overflows from maliciously crafted Base64 inputs that trigger SEH overwrite.
Implements memory protections such as ASLR, DEP, and stack canaries to block SEH chain corruption, ROP gadgets like POP-POP-RET, and egghunter payload execution.
Requires timely patching or removal of vulnerable software like Base64 Decoder 1.1.2 to eliminate the exploitable stack-based buffer overflow.