CVE-2019-25336

SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. Attackers can generate a specially crafted Base64 encoded payload to trigger a Structured Exception Handler (SEH) overwrite and execute shellcode on the vulnerable system.

CVSS v3 8.4 HIGH

8.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.nsauditor.com/	Product
https://www.exploit-db.com/exploits/47719	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/47759	Exploit Third Party Advisory VDB Entry
https://www.vulncheck.com/advisories/spotauditor-base-local-buffer-overflow-seh	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:nsasoft:spotauditor:5.3.2:*:*:*:*:*:*:*

History

20 Feb 2026, 21:10

Type	Values Removed	Values Added
References	~~() http://www.nsauditor.com/ -~~	() http://www.nsauditor.com/ - Product
References	~~() https://www.exploit-db.com/exploits/47719 -~~	() https://www.exploit-db.com/exploits/47719 - Exploit, Third Party Advisory, VDB Entry
References	~~() https://www.exploit-db.com/exploits/47759 -~~	() https://www.exploit-db.com/exploits/47759 - Exploit, Third Party Advisory, VDB Entry
References	~~() https://www.vulncheck.com/advisories/spotauditor-base-local-buffer-overflow-seh -~~	() https://www.vulncheck.com/advisories/spotauditor-base-local-buffer-overflow-seh - Broken Link
CPE		cpe:2.3:a:nsasoft:spotauditor:5.3.2:::::::*
First Time		Nsasoft Nsasoft spotauditor
Summary		(es) SpotAuditor 5.3.2 contiene una vulnerabilidad local de desbordamiento de búfer en la herramienta Base64 Encrypted Password que permite a los atacantes ejecutar código arbitrario mediante la creación de una carga útil maliciosa. Los atacantes pueden generar una carga útil codificada en Base64 especialmente diseñada para desencadenar una sobrescritura del controlador de excepciones estructuradas (SEH) y ejecutar shellcode en el sistema vulnerable.

12 Feb 2026, 23:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-12 23:16

Updated : 2026-02-20 21:10

NVD link : CVE-2019-25336

Mitre link : CVE-2019-25336

CVE.ORG link : CVE-2019-25336

JSON object : View

Products Affected

nsasoft

spotauditor

CWE

CWE-121

Stack-based Buffer Overflow

8.4 /10