Detections
Analytics

CVE-2019-25607

high

Description

Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer and execute shellcode with system privileges.

References

https://www.vulncheck.com/advisories/axessh-local-stack-based-buffer-overflow-via-log-file-name

https://www.exploit-db.com/shellcodes/46281

https://www.exploit-db.com/exploits/46922

https://www.exploit-db.com/exploits/46858

http://www.labf.com/download/axessh.exe

http://www.labf.com

Details

Source: Mitre, NVD

Published: 2026-03-22

Updated: 2026-03-22

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.4

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 8.6

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: High