Cyber Resilience

CVE-2020-37025

HighPublic PoC

Published: 30 January 2026

Published
30 January 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0016 5.2th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2020-37025 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Port Forwarding Wizard (inferred from references). Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 5.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2020-37025 is a buffer overflow vulnerability (CWE-120) in Port Forwarding Wizard version 4.8.0, affecting the Register feature on vulnerable Windows systems. The flaw occurs when processing a long request, enabling local attackers to trigger the overflow and potentially execute arbitrary code. The vulnerability carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts.

Local attackers with access to the system can exploit this vulnerability without privileges by crafting a malicious payload that includes an egg tag to overwrite SEH handlers, leading to shellcode execution. This allows full arbitrary code execution, potentially granting attackers control over the affected Windows machine.

Advisories and related resources, including those from Vulncheck and an exploit proof-of-concept on Exploit-DB (ID 48695), detail the issue; the vendor site at port-forwarding.net should be consulted for any patches or updates.

EU & UK References

Vulnerability details

Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code through a long request in the Register feature. Attackers can craft a malicious payload with an egg tag and overwrite SEH handlers to…

more

potentially execute shellcode on vulnerable Windows systems.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local buffer overflow (SEH overwrite) in client software directly enables arbitrary code execution without privileges, mapping to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2018-25299Shared CWE-120
CVE-2026-1679Shared CWE-120
CVE-2026-28925Shared CWE-120
CVE-2018-9387Shared CWE-120
CVE-2025-71263Shared CWE-120
CVE-2020-37049Shared CWE-120
CVE-2025-47388Shared CWE-120
CVE-2018-25263Shared CWE-120
CVE-2022-49754Shared CWE-120
CVE-2025-49495Shared CWE-120

Affected Assets

Port Forwarding
Wizard
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw Remediation directly prevents exploitation by applying vendor patches to fix the buffer overflow vulnerability in the Port Forwarding Wizard Register feature.

prevent

Information Input Validation comprehensively addresses the CVE by enforcing bounds checking on long requests to prevent buffer overflows in the Register feature.

prevent

Memory Protection mitigates buffer overflow exploitation by implementing DEP, ASLR, and stack canaries to hinder SEH handler overwrites and shellcode execution.

References