CVE-2019-25679 | THREATINT

Description

RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a buffer overflow payload with a POP POP RET gadget chain and shellcode that triggers code execution when pasted into the Port field and the Change button is clicked.

PUBLISHED Reserved 2026-04-05 | Published 2026-04-05 | Updated 2026-04-06 | Assigner VulnCheck

HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

Out-of-bounds Write

Product status

1.11.2

affected

Credits

Matteo Malvica finder

References

www.exploit-db.com/exploits/46441 (ExploitDB-46441) exploit

realterm.sourceforge.io/ (Official Product Homepage) product

sourceforge.net/projects/realterm/files/ (Product Reference) product

www.vulncheck.com/...erm-serial-terminal-buffer-overflow-seh (VulnCheck Advisory: RealTerm Serial Terminal 2.0.0.70 Buffer Overflow SEH) third-party-advisory

cve.org (CVE-2019-25679)

nvd.nist.gov (CVE-2019-25679)

Download JSON