{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-25T03:24:41.362","vulnerabilities":[{"cve":{"id":"CVE-2019-25607","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-03-22T14:16:28.620","lastModified":"2026-06-17T02:32:47.077","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer and execute shellcode with system privileges."},{"lang":"es","value":"Axessh 4.2 contiene una vulnerabilidad de desbordamiento de búfer basado en pila en el campo del nombre del archivo de registro que permite a atacantes locales ejecutar código arbitrario al proporcionar un nombre de archivo excesivamente largo. Los atacantes pueden desbordar el búfer en el desplazamiento de 214 bytes para sobrescribir el puntero de instrucción y ejecutar shellcode con privilegios de sistema."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Labf","product":"Axessh","versions":[{"version":"4.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-23T16:16:14.383679Z","id":"CVE-2019-25607","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"http://www.labf.com","source":"disclosure@vulncheck.com"},{"url":"http://www.labf.com/download/axessh.exe","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/46858","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/46922","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/shellcodes/46281","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/axessh-local-stack-based-buffer-overflow-via-log-file-name","source":"disclosure@vulncheck.com"}]}}]}