Cyber Resilience

CVE-2019-25637

Severity: High · Public PoC

Published: 24 March 2026
Modified: 24 March 2026
KEV Added: not listed
Patch: none referenced
CVSS v4 score: 8.6 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
EPSS score: 0.0018 (8.0th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2019-25637 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in X-NetStat Pro 5.63 by Freshsoftware (vendor inferred from references; NVD has not filed a CPE). Its CVSS v4 base score is 8.6 (High); the CVSS v3.1 base score is 8.4.

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). EPSS ranks it at the 8.0th percentile by exploit likelihood (well below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

X-NetStat Pro 5.63 is affected by CVE-2019-25637, a local stack-based buffer overflow classified under CWE-787. Input supplied through the application's HTTP Client or Rules functionality is copied into a fixed-size buffer without a length check; after 264 bytes the copy reaches the saved return address, so the attacker controls EIP when the function returns. The published exploit places an egg hunter at that point: a small first-stage payload that scans process memory for a tagged second-stage shellcode injected elsewhere and transfers control to it, so the main payload does not have to fit in the overflowed buffer. The issue carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H): local access, low complexity, no privileges or user interaction required, and high confidentiality, integrity and availability impact.

Exploitation requires local access to the host, such as a session in which the attacker can feed input to the application, but no privileges (PR:N), no user interaction and low attack complexity. By crafting input that exceeds the buffer boundary in the affected components, an attacker gains control of the execution flow, runs arbitrary shellcode in the context of the X-NetStat process, and can potentially use that foothold to escalate privileges or perform other malicious actions on the host.
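The egg hunter stage referred to above is easier to reason about with a model in front of you. The following is an added example, not code from the advisory, the Exploit-DB entry or Fresh Software: a safe user-space C model of what a hunter does. The tag "w00t", the 4096-byte memory image and the payload offset are constructed for the illustration; a real hunter probes pages with a system call so that unmapped addresses do not crash the search, and jumps to the payload instead of returning an offset.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Added illustration, not code from the advisory, the Exploit-DB entry or
 * Fresh Software: a safe user-space model of the egg hunter stage.
 *
 * An egg hunter is a small first-stage payload that fits where the
 * attacker has only limited space at the overwritten return address. It
 * walks memory looking for an 8-byte "egg" (a 4-byte tag repeated twice)
 * and transfers control to whatever follows, so the full second-stage
 * shellcode can be placed anywhere else it happened to be injected.
 *
 * Real hunters probe each page with a system call so that unmapped
 * addresses do not crash the search; this model scans a buffer that is
 * known to be readable and returns an offset instead of jumping.
 */

/* Assumed tag; the doubled form "w00tw00t" is what the hunter looks for. */
static const unsigned char EGG_TAG[4] = { 'w', '0', '0', 't' };

/* Return the offset of the payload that follows a doubled tag, or -1. */
long egg_hunt(const unsigned char *mem, size_t len, const unsigned char tag[4])
{
    unsigned char egg[8];
    memcpy(egg, tag, 4);
    memcpy(egg + 4, tag, 4);

    for (size_t i = 0; i + sizeof egg <= len; i++) {
        if (memcmp(mem + i, egg, sizeof egg) == 0)
            return (long)(i + sizeof egg);     /* payload begins right after */
    }
    return -1;
}

#define IMG_LEN        4096
#define PAYLOAD_OFFSET 2048

/*
 * Constructed memory image (not a real process dump): filler bytes, a
 * single copy of the tag at offset 100 (the hunter's own code necessarily
 * contains one copy, which is why the egg is the tag twice), then the real
 * egg immediately before a stand-in payload.
 */
void build_image(unsigned char img[IMG_LEN])
{
    memset(img, 0x41, IMG_LEN);
    memcpy(img + 100, EGG_TAG, 4);
    memcpy(img + PAYLOAD_OFFSET - 8, EGG_TAG, 4);
    memcpy(img + PAYLOAD_OFFSET - 4, EGG_TAG, 4);
    memcpy(img + PAYLOAD_OFFSET, "PAYLOAD", 7);
}

/* Hunt across the constructed image; the payload sits at PAYLOAD_OFFSET. */
long hunt_in_image(void)
{
    unsigned char img[IMG_LEN];
    build_image(img);
    return egg_hunt(img, IMG_LEN, EGG_TAG);
}

/* A lone tag must not count as an egg, otherwise the hunter would land on
   its own code rather than on the payload. */
long hunt_single_tag(void)
{
    unsigned char img[64];
    memset(img, 0x41, sizeof img);
    memcpy(img + 20, EGG_TAG, 4);
    return egg_hunt(img, sizeof img, EGG_TAG);
}

int main(void)
{
    printf("doubled tag -> payload at offset %ld\n", hunt_in_image());
    printf("single tag  -> %ld (not found)\n", hunt_single_tag());
    return 0;
}
```

The doubled tag is the detail worth remembering when you look at a hunter in a disassembly: the hunter's own instruction stream contains one copy of the tag, so a single-tag search would find itself first. The model also shows why a hunter is cheap to detect in memory forensics: the 8-byte egg and the tight compare loop are constant across payloads.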

Advisories and resources, including a Vulncheck entry detailing the local buffer overflow via the egg hunter technique and an exploit published on Exploit-DB (exploit/46596), document the vulnerability. The vendor site at freshsoftware.com provides additional context, though no specific patch details are available. Security practitioners should identify any systems running X-NetStat Pro 5.63 and, pending vendor guidance, remove the application or isolate the hosts on which it runs; where it must remain, confirm that DEP and ASLR are actually enforced for the process rather than assumed.


Vulnerability details

X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Attackers can inject shellcode into memory and use an egg hunter technique to locate and execute the payload when the application processes malicious input through HTTP Client or Rules functionality.

CWE(s)

CWE-787 Out-of-bounds Write

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The local buffer overflow yields arbitrary code execution through the EIP overwrite and shellcode injection; where the process runs with elevated rights, that code execution becomes privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2016-20044 (shared CWE-787)
CVE-2026-23326 (shared CWE-787)
CVE-2024-43077 (shared CWE-787)
CVE-2024-53697 (shared CWE-787)
CVE-2025-20890 (shared CWE-787)
CVE-2026-23073 (shared CWE-787)
CVE-2025-20708 (shared CWE-787)
CVE-2025-1471 (shared CWE-787)
CVE-2024-35273 (shared CWE-787)
CVE-2022-49062 (shared CWE-787)

Affected Assets

Freshsoftware X-NetStat Pro 5.63 (vendor and product inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): requires identification, reporting and correction of specific flaws such as this overflow, by applying a vendor fix or, where none exists, by removing the software.

SI-10 Information Input Validation (prevent): mandates validation of input reaching the HTTP Client and Rules functionality, in particular rejecting oversized fields before they are copied, so the overflow never occurs.

SI-16 Memory Protection (prevent): memory protections such as DEP and ASLR block execution of injected shellcode and the egg hunter stage even if the overflow occurs. These only protect a process that opts in or that the platform forces in: check whether the X-NetStat binaries are marked NX-compatible with dynamic base enabled, and if not, enforce DEP and mandatory ASLR for the process system-wide.
