CVE-2019-25360

CVE-2019-25360 is a stack-based buffer overflow vulnerability (CWE-121) in Aida64 Engineer version 6.10.5200, specifically within the CSV logging configuration component. The flaw allows attackers to execute arbitrary code by supplying a specially crafted payload in a malformed log file, leveraging Structured Exception Handler (SEH) overwrite techniques to achieve remote code execution. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, and lack of prerequisites.

Remote attackers require no privileges or user interaction to exploit this vulnerability. By creating and delivering a malicious log file—potentially through social engineering, shared file vectors, or integration points that trigger CSV logging—they can overwrite the SEH chain, bypass protections, and gain full control over the affected system, resulting in high confidentiality, integrity, and availability impacts.

Mitigation details are referenced in vendor resources at https://www.aida64.com and a potential update download at https://www.aida64.com/downloads/OTAwMmVmNTE=, alongside advisories from VulnCheck at https://www.vulncheck.com/advisories/aida-buffer-overflow. A proof-of-concept exploit is publicly available at https://www.exploit-db.com/exploits/47574. Security practitioners should apply patches from the vendor and avoid processing untrusted log files in vulnerable versions.