Cyber Resilience

CVE-2019-25679

HighPublic PoC

Published: 05 April 2026

Published
05 April 2026
Modified
20 April 2026
KEV Added
Patch
CVSS Score v4 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0031 23.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2019-25679 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Crun Realterm. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious Copy and Paste (T1204.004); ranked at the 23.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2019-25679 is a structured exception handling (SEH) buffer overflow vulnerability in RealTerm Serial Terminal version 2.0.0.70, specifically within the Echo Port tab. This flaw, classified under CWE-787 (Out-of-bounds Write), enables local attackers to execute arbitrary code by supplying a malicious payload. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H), reflecting high confidentiality, integrity, and availability impacts.

Exploitation requires local access to the system running the affected software. An attacker can craft a buffer overflow payload featuring a POP POP RET gadget chain followed by shellcode, then paste it into the Port field on the Echo Port tab and click the Change button. This user interaction triggers the SEH overflow, leading to arbitrary code execution with the privileges of the user running RealTerm.

References point to the official RealTerm SourceForge project pages, an Exploit-DB entry (46441) with a public proof-of-concept, and a VulnCheck advisory detailing the RealTerm Serial Terminal buffer overflow. No specific patches or mitigations are described in the available information.

EU & UK References

Vulnerability details

RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a buffer overflow payload with a…

more

POP POP RET gadget chain and shellcode that triggers code execution when pasted into the Port field and the Change button is clicked.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1204.004 Malicious Copy and Paste Execution
An adversary may rely upon a user copying and pasting code in order to gain execution.
Why these techniques?

Local SEH buffer overflow in GUI input field directly enables arbitrary code execution via malicious copy-paste into the Port field followed by UI action (Change button).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-49749Shared CWE-787
CVE-2016-20044Shared CWE-787
CVE-2026-41990Shared CWE-787
CVE-2026-33144Shared CWE-787
CVE-2026-23326Shared CWE-787
CVE-2026-23233Shared CWE-787
CVE-2024-43077Shared CWE-787
CVE-2025-27169Shared CWE-787
CVE-2019-25705Shared CWE-787
CVE-2024-53697Shared CWE-787

Affected Assets

crun
realterm
2.0.0.70

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and remediation of flaws like this SEH buffer overflow, eliminating the vulnerability through patching or software replacement.

prevent

Implements memory protections such as DEP, ASLR, and stack canaries that directly thwart SEH buffer overflow exploitation for arbitrary code execution.

prevent

Mandates validation of user inputs like the malicious payload in the Echo Port field to prevent buffer overflows from occurring.

References