
Description

Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log file name parameter, and trigger a crash when establishing a telnet connection.

PUBLISHED Reserved 2026-03-22 | Published 2026-03-22 | Updated 2026-03-23 | Assigner VulnCheck




MEDIUM: 6.9 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)
MEDIUM: 6.2 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Problem types

Assumed-Immutable Data is Stored in Writable Memory

Product status

4.2 (affected)

Credits

Victor Mondragón (finder)

References

www.exploit-db.com/exploits/46858 (ExploitDB-46858) exploit

www.labf.com (Official Product Homepage) product

www.labf.com/download/axessh.exe (Product Reference) product

www.vulncheck.com/...ssh-denial-of-service-via-log-file-name (VulnCheck Advisory: Axessh 4.2 Denial of Service via Log File Name) third-party-advisory

cve.org (CVE-2019-25590)

nvd.nist.gov (CVE-2019-25590)
