Cyber Resilience

CVE-2019-25705

HighPublic PoC

Published: 12 April 2026

Published
12 April 2026
Modified
17 April 2026
KEV Added
Patch
CVSS Score v4 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0021 10.9th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2019-25705 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Interference-Security Echo Mirage. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 10.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-16 (Memory Protection).

Deeper analysis

Echo Mirage 3.1 suffers from a stack buffer overflow vulnerability, classified as CVE-2019-25705 and associated with CWE-787 (Out-of-bounds Write). The flaw occurs in the Rules action field, where an oversized string input exceeds buffer boundaries, enabling attackers to overwrite the return address on the stack. This affects the Echo Mirage application, a tool available via SourceForge, with a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Local attackers can exploit this vulnerability without privileges by creating a malicious text file containing a crafted payload and pasting it into the Rules dialog's action field. Successful exploitation allows crashing the application or executing arbitrary code, potentially leading to full control over the process with high confidentiality, integrity, and availability impacts.

Advisories, including one from VulnCheck, describe the stack buffer overflow via the Rules action field, while Exploit-DB hosts a proof-of-concept exploit (ID 46216). No patches or specific mitigations are detailed in the available information, and the project page on SourceForge indicates it as an older release.

EU & UK References

Vulnerability details

Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized string in the Rules action field. Attackers can create a malicious text file with a…

more

crafted payload exceeding buffer boundaries and paste it into the action field through the Rules dialog to trigger the overflow and overwrite the return address.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Local stack buffer overflow in client application (Echo Mirage) enables arbitrary code execution via crafted input in the Rules dialog, directly mapping to client-side exploitation for code execution.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2019-25633Shared CWE-787
CVE-2026-0538Shared CWE-787
CVE-2016-20046Shared CWE-787
CVE-2019-25628Shared CWE-787
CVE-2019-25695Shared CWE-787
CVE-2018-25218Shared CWE-787
CVE-2026-42484Shared CWE-787
CVE-2019-25612Shared CWE-787
CVE-2025-43300Shared CWE-787
CVE-2016-20043Shared CWE-787

Affected Assets

interference-security
echo mirage
3.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely remediation of known software flaws like the stack buffer overflow in Echo Mirage via patching, upgrades, or removal to eliminate CVE-2019-25705.

preventdetect

Deploys memory protections such as stack canaries, ASLR, and DEP to detect overflows and prevent arbitrary code execution from oversized inputs in the Rules action field.

prevent

Prohibits use of unsupported legacy components like Echo Mirage 3.1, which lacks patches for vulnerabilities such as CVE-2019-25705.

References