CVE-2019-25695 HIGH

CVE-2019-25695: R 3.4.4 Local Buffer Overflow Windows XP SP3

Vendor R-Project
Product R
Weakness CWE-787
Published April 12, 2026
Last update June 30, 2026

CVSS base score

8.6/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the payload is pasted into the Language for menus and messages field.

Key dates

02Disclosure timeline

April 12, 2026 CVE published
June 30, 2026 Record updated