CVE-2019-25637
Published: 24 March 2026
Summary
CVE-2019-25637 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Freshsoftware (inferred from references). Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 8.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
X-NetStat Pro version 5.63 is affected by CVE-2019-25637, a local buffer overflow vulnerability classified under CWE-787. The flaw occurs through a 264-byte buffer overflow that enables attackers to overwrite the EIP register, facilitating arbitrary code execution. This vulnerability is triggered when the application processes malicious input via its HTTP Client or Rules functionality, allowing injection of shellcode into memory combined with an egg hunter technique to locate and execute the payload. The issue carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts.
Local attackers with access to the system can exploit this vulnerability due to its low attack complexity and lack of required privileges (PR:N). By crafting input that exceeds the buffer boundary in the specified components, an attacker can gain control of the execution flow, execute arbitrary shellcode, and potentially escalate privileges or perform other malicious actions on the host.
Advisories and resources highlight the vulnerability, including VulnCheck's description of the local buffer overflow via an egg hunter technique and an exploit published on Exploit-DB (exploit/46596). The vendor site at freshsoftware.com provides additional context, though specific patch details are not outlined in the available information. Security practitioners should assess exposure in environments running X-NetStat Pro 5.63 and consider application removal or isolation as interim measures pending vendor guidance.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-20014
Vulnerability details
X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Attackers can inject shellcode into memory and use an egg hunter technique to locate and execute the payload when the application processes malicious input through HTTP Client or Rules functionality.
- CWE(s): CWE-787 (Out-of-bounds Write)
Related Threats
MITRE ATT&CK Enterprise Techniques
- Exploitation for Privilege Escalation (T1068)
Why these techniques?
Local buffer overflow enables arbitrary code execution and privilege escalation via EIP overwrite and shellcode injection.
Affected Assets
- X-NetStat Pro 5.63 (Freshsoftware)
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly requires identification, reporting, and correction of specific flaws such as the buffer overflow in CVE-2019-25637, preventing exploitation through patching or software removal.
- SI-10 (Information Input Validation): Mandates validation of information inputs to the HTTP Client and Rules functionality, preventing buffer overflows from malicious oversized payloads.
- SI-16 (Memory Protection): Implements memory protections such as DEP and ASLR to block execution of injected shellcode and egg hunter techniques even if the buffer overflow occurs.