CVE-2019-25340

SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a malformed input file with 2000 repeated characters to trigger an application crash when pasted into the Base64 Encrypted Password field.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://www.nsauditor.com/	Product
https://www.exploit-db.com/exploits/47719	Exploit Third Party Advisory VDB Entry
https://www.vulncheck.com/advisories/spotauditor-base-denial-of-service	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:nsasoft:spotauditor:5.3.2:*:*:*:*:*:*:*

History

20 Feb 2026, 21:09

Type	Values Removed	Values Added
References	~~() http://www.nsauditor.com/ -~~	() http://www.nsauditor.com/ - Product
References	~~() https://www.exploit-db.com/exploits/47719 -~~	() https://www.exploit-db.com/exploits/47719 - Exploit, Third Party Advisory, VDB Entry
References	~~() https://www.vulncheck.com/advisories/spotauditor-base-denial-of-service -~~	() https://www.vulncheck.com/advisories/spotauditor-base-denial-of-service - Broken Link
CPE		cpe:2.3:a:nsasoft:spotauditor:5.3.2:::::::*
Summary		(es) SpotAuditor 5.3.2 contiene una vulnerabilidad de denegación de servicio en su función de descifrado Base64 que permite a los atacantes bloquear la aplicación al proporcionar un búfer sobredimensionado. Los atacantes pueden generar un archivo de entrada malformado con 2000 caracteres repetidos para provocar un bloqueo de la aplicación cuando se pega en el campo Contraseña Cifrada Base64.
First Time		Nsasoft Nsasoft spotauditor

12 Feb 2026, 23:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-12 23:16

Updated : 2026-02-20 21:09

NVD link : CVE-2019-25340

Mitre link : CVE-2019-25340

CVE.ORG link : CVE-2019-25340

JSON object : View

Products Affected

nsasoft

spotauditor

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2019-25340", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.7, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-12T23:16:08.240", "references": [{"url": "http://www.nsauditor.com/", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/47719", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/spotauditor-base-denial-of-service", "tags": ["Broken Link"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a malformed input file with 2000 repeated characters to trigger an application crash when pasted into the Base64 Encrypted Password field."}, {"lang": "es", "value": "SpotAuditor 5.3.2 contiene una vulnerabilidad de denegaci\u00f3n de servicio en su funci\u00f3n de descifrado Base64 que permite a los atacantes bloquear la aplicaci\u00f3n al proporcionar un b\u00fafer sobredimensionado. Los atacantes pueden generar un archivo de entrada malformado con 2000 caracteres repetidos para provocar un bloqueo de la aplicaci\u00f3n cuando se pega en el campo Contrase\u00f1a Cifrada Base64."}], "lastModified": "2026-02-20T21:09:38.997", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nsasoft:spotauditor:5.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0037464-91AA-4237-B59F-F63FC5112EEF"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}