CVE-2019-25607 HIGH

CVE-2019-25607: Axessh 4.2 Local Stack-based Buffer Overflow via Log File Name

Vendor Labf

Product Axessh

Weakness CWE-787

Published March 22, 2026

Last update March 23, 2026

View on NVD All CVEs

CVSS base score

8.6/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer and execute shellcode with system privileges.

Key dates

02Disclosure timeline

March 22, 2026 CVE published

March 23, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-25607 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/787.html

Related vulnerabilities

CVE-2019-25607: Axessh 4.2 Local Stack-based Buffer Overflow via Log File Name

01Description

02Disclosure timeline

03References

04Related CVE