Cyber Resilience

CVE-2019-25646

Critical · Public PoC

Published: 24 March 2026
Modified: 25 March 2026
KEV Added: not listed
Patch: none referenced
CVSS v4.0 score: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0091 (55.4th percentile)
Risk priority: 70 (floored blend · peak EPSS)

Summary

CVE-2019-25646 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Tabslab Mailcarrier. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 44.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability (CWE-787) in the MAIL FROM SMTP command, enabling remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter with an oversized buffer. This flaw affects the SMTP service listening on port 25 and has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for complete system compromise.

Remote attackers can exploit this vulnerability without authentication or user interaction by connecting directly to the exposed SMTP service on TCP port 25 and transmitting a malicious MAIL FROM command. The oversized buffer overwrites the EIP register, allowing control flow hijacking and execution of payloads such as a bind shell, granting attackers full remote code execution capabilities on the target system.

Advisories and proof-of-concept exploits detail the vulnerability, with an exploit available at https://www.exploit-db.com/exploits/46547 and further analysis in the VulnCheck advisory at https://www.vulncheck.com/advisories/tabs-mail-carrier-buffer-overflow-via-mail-from. No specific patches are mentioned in the provided information.

Vulnerability details

Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Attackers can connect to the SMTP service on port 25 and send a malicious MAIL FROM command with an oversized buffer to overwrite the EIP register and execute a bind shell payload.

CWE(s): CWE-787 Out-of-bounds Write

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in public-facing SMTP service (port 25) enables unauthenticated remote code execution, directly mapping to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2019-25364: same product (Tabslab Mailcarrier)
CVE-2025-27807: shared CWE-787
CVE-2024-48856: shared CWE-787
CVE-2025-14234: shared CWE-787
CVE-2018-25223: shared CWE-787
CVE-2018-25154: shared CWE-787
CVE-2024-57704: shared CWE-787
CVE-2025-29384: shared CWE-787
CVE-2024-12648: shared CWE-787
CVE-2025-30276: shared CWE-787

Affected Assets

tabslab mailcarrier 2.5.1 (vendor, product, version)

Mitigating Controls (NIST 800-53 r5, AI)

SI-10 Information Input Validation (prevent): Directly enforces validation of information inputs like the MAIL FROM SMTP command parameter to prevent buffer overflows from oversized crafted inputs.

SI-2 Flaw Remediation (prevent): Mandates timely identification, reporting, and correction of flaws such as the buffer overflow vulnerability in Tabs Mail Carrier.

SI-16 Memory Protection (prevent): Implements memory protections to prevent unauthorized code execution from buffer overflow exploits that overwrite the EIP register.
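The SI-10 control above and the oversized MAIL FROM parameter described under Deeper analysis both come down to bounded parsing of the SMTP argument; what follows is an added example, not Mailcarrier's code, of a MAIL FROM parser that checks every length before it copies a byte. The 512-octet command-line and 256-octet reverse-path limits are assumptions taken from RFC 5321, and `parse_mail_from` and `parse_mail_from_filler` are hypothetical names.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
/* Assumed limits taken from RFC 5321 section 4.5.3.1: a reverse-path is at
 * most 256 octets and a command line at most 512 octets including CRLF. */
#define SMTP_MAX_LINE 512
#define SMTP_MAX_PATH 256
enum mail_from_status { MF_OK = 0, MF_LINE_TOO_LONG, MF_BAD_SYNTAX, MF_PATH_TOO_LONG, MF_BAD_CHAR };

/* Validate "MAIL FROM:<reverse-path>[ params]" and copy the reverse-path into
 * out (capacity outlen). Every length is checked before any byte is copied,
 * so an oversized parameter is refused rather than overrunning a buffer. */
enum mail_from_status parse_mail_from(const char *line, char *out, size_t outlen)
{
    static const char verb[] = "MAIL FROM:";
    const size_t vlen = sizeof verb - 1;
    size_t len = 0;
    while (len <= SMTP_MAX_LINE && line[len] != '\0')  /* bounded scan */
        len++;
    if (len > SMTP_MAX_LINE) return MF_LINE_TOO_LONG;
    if (len < vlen) return MF_BAD_SYNTAX;
    for (size_t i = 0; i < vlen; i++)   /* SMTP verbs are case-insensitive */
        if (toupper((unsigned char)line[i]) != verb[i])
            return MF_BAD_SYNTAX;
    const char *p = line + vlen;
    while (*p == ' ') p++;              /* tolerate optional whitespace */
    if (*p != '<') return MF_BAD_SYNTAX;
    const char *start = p + 1, *end = strchr(start, '>');
    if (end == NULL) return MF_BAD_SYNTAX;
    size_t plen = (size_t)(end - start);
    if (plen > SMTP_MAX_PATH || plen >= outlen)
        return MF_PATH_TOO_LONG;        /* the oversized MAIL FROM case */
    for (size_t i = 0; i < plen; i++)   /* printable ASCII only inside <> */
        if ((unsigned char)start[i] < 0x21 || (unsigned char)start[i] > 0x7e)
            return MF_BAD_CHAR;
    memcpy(out, start, plen);
    out[plen] = '\0';
    return MF_OK;
}

/* Parse a constructed line whose bracketed path is n filler bytes long. */
enum mail_from_status parse_mail_from_filler(size_t n)
{
    char line[SMTP_MAX_LINE + 64], out[SMTP_MAX_PATH + 1];
    if (n > sizeof line - 16) n = sizeof line - 16;
    memcpy(line, "MAIL FROM:<", 11);
    memset(line + 11, 'A', n);
    line[11 + n] = '>'; line[12 + n] = '\0';
    return parse_mail_from(line, out, sizeof out);
}
```

A server that returns a 5xx reply for anything other than MF_OK never reaches the copy, which is the input-validation check SI-10 asks for.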