CVE-2019-25646
Published: 24 March 2026
Summary
CVE-2019-25646 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Tabslab Mailcarrier. Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 44.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability (CWE-787) in the MAIL FROM SMTP command, enabling remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter with an oversized buffer. This flaw affects the SMTP service listening on port 25 and has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for complete system compromise.
Remote attackers can exploit this vulnerability without authentication or user interaction by connecting directly to the exposed SMTP service on TCP port 25 and transmitting a malicious MAIL FROM command. The oversized buffer overwrites the EIP register, allowing control flow hijacking and execution of payloads such as a bind shell, granting attackers full remote code execution capabilities on the target system.
Advisories and proof-of-concept exploits detail the vulnerability, with an exploit available at https://www.exploit-db.com/exploits/46547 and further analysis in the VulnCheck advisory at https://www.vulncheck.com/advisories/tabs-mail-carrier-buffer-overflow-via-mail-from. No specific patches are mentioned in the provided information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-20031
Vulnerability details
Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Attackers can connect to the SMTP service on port 25 and send a malicious MAIL FROM command with an oversized buffer to overwrite the EIP register and execute a bind shell payload.
- CWE(s): CWE-787 (Out-of-bounds Write)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow in public-facing SMTP service (port 25) enables unauthenticated remote code execution, directly mapping to T1190: Exploit Public-Facing Application.
Mitigating Controls (NIST 800-53 r5)
- Directly enforces validation of information inputs like the MAIL FROM SMTP command parameter to prevent buffer overflows from oversized crafted inputs.
- Mandates timely identification, reporting, and correction of flaws such as the buffer overflow vulnerability in Tabs Mail Carrier.
- Implements memory protections to prevent unauthorized code execution from buffer overflow exploits that overwrite the EIP register.
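
One way to apply the input validation control to the MAIL FROM parameter is to check every length before any byte is copied. The C sketch below is an added example, not Mail Carrier's code or a vendor patch: `parse_mail_from` and the `mf_status` values are hypothetical names, the limits are the RFC 5321 section 4.5.3.1 maxima, and POSIX `strncasecmp` is assumed to be available.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX; assumed available) */

/* RFC 5321 section 4.5.3.1 limits, in octets. */
#define SMTP_MAX_CMD_LINE 512   /* whole command line, CRLF included */
#define SMTP_MAX_PATH     256   /* reverse-path, angle brackets included */

enum mf_status { MF_OK = 0, MF_SYNTAX = -1, MF_TOO_LONG = -2 };

/*
 * Validate one received command line (not NUL-terminated; len = bytes read)
 * and copy the reverse-path, without brackets, into out[outsz].
 * Anything after '>' (ESMTP parameters, CRLF) is ignored here.
 */
enum mf_status parse_mail_from(const char *line, size_t len,
                               char *out, size_t outsz)
{
    static const char verb[] = "MAIL FROM:";
    const size_t vlen = sizeof verb - 1;
    const char *p, *end, *close;
    size_t plen;

    if (len > SMTP_MAX_CMD_LINE)
        return MF_TOO_LONG;               /* reject before parsing */
    if (len < vlen + 2 || strncasecmp(line, verb, vlen) != 0)
        return MF_SYNTAX;                 /* shortest valid form is MAIL FROM:<> */

    p = line + vlen;
    end = line + len;
    while (p < end && *p == ' ')
        p++;                              /* tolerate spaces after the colon */
    if (p == end || *p != '<')
        return MF_SYNTAX;

    close = memchr(p, '>', (size_t)(end - p));
    if (close == NULL)
        return MF_SYNTAX;

    plen = (size_t)(close - p) - 1;       /* bytes between '<' and '>' */
    if (plen + 2 > SMTP_MAX_PATH || plen >= outsz)
        return MF_TOO_LONG;               /* refuse; never truncate or overrun */
    if (memchr(p + 1, '\0', plen) != NULL)
        return MF_SYNTAX;                 /* embedded NUL byte */

    memcpy(out, p + 1, plen);             /* plen < outsz was checked above */
    out[plen] = '\0';
    return MF_OK;
}
```

A server using a check like this would answer a rejected line with an SMTP error reply and leave the destination buffer untouched.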