CVE-2019-25679
Published: 05 April 2026
Summary
CVE-2019-25679 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Crun Realterm. Its CVSS base score is 8.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious Copy and Paste (T1204.004); ranked at the 23.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2019-25679 is a structured exception handling (SEH) buffer overflow vulnerability in RealTerm Serial Terminal version 2.0.0.70, specifically within the Echo Port tab. This flaw, classified under CWE-787 (Out-of-bounds Write), enables local attackers to execute arbitrary code by supplying a malicious payload. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H), reflecting high confidentiality, integrity, and availability impacts.
Exploitation requires local access to the system running the affected software. An attacker can craft a buffer overflow payload featuring a POP POP RET gadget chain followed by shellcode, then paste it into the Port field on the Echo Port tab and click the Change button. This user interaction triggers the SEH overflow, leading to arbitrary code execution with the privileges of the user running RealTerm.
References point to the official RealTerm SourceForge project pages, an Exploit-DB entry (46441) with a public proof-of-concept, and a VulnCheck advisory detailing the RealTerm Serial Terminal buffer overflow. No specific patches or mitigations are described in the available information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-20093
Vulnerability details
RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a buffer overflow payload with a…
more
POP POP RET gadget chain and shellcode that triggers code execution when pasted into the Port field and the Change button is clicked.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local SEH buffer overflow in GUI input field directly enables arbitrary code execution via malicious copy-paste into the Port field followed by UI action (Change button).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely identification, reporting, and remediation of flaws like this SEH buffer overflow, eliminating the vulnerability through patching or software replacement.
Implements memory protections such as DEP, ASLR, and stack canaries that directly thwart SEH buffer overflow exploitation for arbitrary code execution.
Mandates validation of user inputs like the malicious payload in the Echo Port field to prevent buffer overflows from occurring.