CVE-2019-25631 HIGH

CVE-2019-25631: AIDA64 Business 5.99.4900 SEH Buffer Overflow via EggHunter

Vendor Aida64

Product AIDA64 Business

Weakness CWE-787

Published March 24, 2026

Last update March 24, 2026

View on NVD All CVEs

CVSS base score

8.6/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious shellcode. Attackers can inject egg hunter shellcode through the SMTP display name field in preferences or report wizard functionality to trigger the overflow and execute code with application privileges.

Key dates

02Disclosure timeline

March 24, 2026 CVE published

March 24, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-25631 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/787.html

Related vulnerabilities

Identifiers

CVE CVE-2019-25631

CWE CWE-787

CVSS 8.6 / HIGH

Affected versions