CVE-2019-25358

FileOptimizer 14.00.2524 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the FileOptimizer32.ini configuration file. Attackers can overwrite the TempDirectory parameter with a 5000-character buffer to cause the application to crash when opening options.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://sourceforge.net/projects/nikkhokkho/
https://sourceforge.net/projects/nikkhokkho/files/FileOptimizer/14.00.2524/FileOptimizerSetup.exe/download
https://www.exploit-db.com/exploits/47586
https://www.vulncheck.com/advisories/fileoptimizer-denial-of-service

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) FileOptimizer 14.00.2524 contiene una vulnerabilidad de denegación de servicio que permite a los atacantes bloquear la aplicación manipulando el archivo de configuración FileOptimizer32.ini. Los atacantes pueden sobrescribir el parámetro TempDirectory con un búfer de 5000 caracteres para provocar que la aplicación falle al abrir las opciones.

18 Feb 2026, 22:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-18 22:16

Updated : 2026-04-15 00:35

NVD link : CVE-2019-25358

Mitre link : CVE-2019-25358

CVE.ORG link : CVE-2019-25358

JSON object : View

Products Affected

No product.

CWE

CWE-1282

Assumed-Immutable Data is Stored in Writable Memory

{"id": "CVE-2019-25358", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-18T22:16:21.180", "references": [{"url": "https://sourceforge.net/projects/nikkhokkho/", "source": "disclosure@vulncheck.com"}, {"url": "https://sourceforge.net/projects/nikkhokkho/files/FileOptimizer/14.00.2524/FileOptimizerSetup.exe/download", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/47586", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/fileoptimizer-denial-of-service", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-1282"}]}], "descriptions": [{"lang": "en", "value": "FileOptimizer 14.00.2524 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the FileOptimizer32.ini configuration file. Attackers can overwrite the TempDirectory parameter with a 5000-character buffer to cause the application to crash when opening options."}, {"lang": "es", "value": "FileOptimizer 14.00.2524 contiene una vulnerabilidad de denegaci\u00f3n de servicio que permite a los atacantes bloquear la aplicaci\u00f3n manipulando el archivo de configuraci\u00f3n FileOptimizer32.ini. Los atacantes pueden sobrescribir el par\u00e1metro TempDirectory con un b\u00fafer de 5000 caracteres para provocar que la aplicaci\u00f3n falle al abrir las opciones."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "disclosure@vulncheck.com"}