CVE-2019-25545

Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string in the computer name field. Attackers can input a 5000-byte buffer of data into the 'Computer name or IP address' field during computer addition, causing a denial of service when the server entry is accessed.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://lizardsystems.com	Product
https://www.exploit-db.com/exploits/46911	Exploit VDB Entry
https://www.vulncheck.com/advisories/terminal-services-manager-local-buffer-overflow-denial-of-service	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:lizardsystems:terminal_services_manager:3.2.1:*:*:*:*:*:*:*

History

16 Apr 2026, 17:44

Type	Values Removed	Values Added
References	~~() https://lizardsystems.com -~~	() https://lizardsystems.com - Product
References	~~() https://www.exploit-db.com/exploits/46911 -~~	() https://www.exploit-db.com/exploits/46911 - Exploit, VDB Entry
References	~~() https://www.vulncheck.com/advisories/terminal-services-manager-local-buffer-overflow-denial-of-service -~~	() https://www.vulncheck.com/advisories/terminal-services-manager-local-buffer-overflow-denial-of-service - Third Party Advisory
Summary		(es) Terminal Services Manager 3.2.1 contiene una vulnerabilidad local de desbordamiento de búfer que permite a los atacantes bloquear la aplicación al proporcionar una cadena excesivamente larga en el campo de nombre de equipo. Los atacantes pueden introducir un búfer de datos de 5000 bytes en el campo 'Nombre de equipo o dirección IP' durante la adición de un equipo, causando una denegación de servicio cuando se accede a la entrada del servidor.
CPE		cpe:2.3:a:lizardsystems:terminal_services_manager:3.2.1:::::::*
First Time		Lizardsystems terminal Services Manager Lizardsystems

21 Mar 2026, 13:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-21 13:16

Updated : 2026-04-16 17:44

NVD link : CVE-2019-25545

Mitre link : CVE-2019-25545

CVE.ORG link : CVE-2019-25545

JSON object : View

Products Affected

lizardsystems

terminal_services_manager

CWE

CWE-787

Out-of-bounds Write

6.2 /10