CVE-2019-25705
Published: 12 April 2026
Summary
CVE-2019-25705 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Interference-Security Echo Mirage. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 10.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-16 (Memory Protection).
Deeper analysis
Echo Mirage 3.1 suffers from a stack buffer overflow vulnerability, classified as CVE-2019-25705 and associated with CWE-787 (Out-of-bounds Write). The flaw occurs in the Rules action field, where an oversized string input exceeds buffer boundaries, enabling attackers to overwrite the return address on the stack. This affects the Echo Mirage application, a tool available via SourceForge, with a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Local attackers can exploit this vulnerability without privileges by creating a malicious text file containing a crafted payload and pasting it into the Rules dialog's action field. Successful exploitation allows crashing the application or executing arbitrary code, potentially leading to full control over the process with high confidentiality, integrity, and availability impacts.
Advisories, including one from VulnCheck, describe the stack buffer overflow via the Rules action field, while Exploit-DB hosts a proof-of-concept exploit (ID 46216). No patches or specific mitigations are detailed in the available information, and the project page on SourceForge indicates it as an older release.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-20135
Vulnerability details
Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized string in the Rules action field. Attackers can create a malicious text file with a…
more
crafted payload exceeding buffer boundaries and paste it into the action field through the Rules dialog to trigger the overflow and overwrite the return address.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local stack buffer overflow in client application (Echo Mirage) enables arbitrary code execution via crafted input in the Rules dialog, directly mapping to client-side exploitation for code execution.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely remediation of known software flaws like the stack buffer overflow in Echo Mirage via patching, upgrades, or removal to eliminate CVE-2019-25705.
Deploys memory protections such as stack canaries, ASLR, and DEP to detect overflows and prevent arbitrary code execution from oversized inputs in the Rules action field.
Prohibits use of unsupported legacy components like Echo Mirage 3.1, which lacks patches for vulnerabilities such as CVE-2019-25705.