Cyber Posture

CVE-2019-25364

Critical · Public PoC

Published: 18 February 2026

Modified: 24 February 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0039 (60.0th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

MailCarrier 2.51 contains a buffer overflow vulnerability in the POP3 USER command that allows remote attackers to execute arbitrary code. Attackers can send a crafted oversized buffer to the POP3 service, overwriting memory and potentially gaining remote system access.

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly addresses the buffer overflow by requiring timely identification, reporting, and correction of the specific flaw in the POP3 USER command.

prevent

Prevents exploitation by validating input to the POP3 USER command and rejecting oversized buffers before they can overwrite memory.

prevent

Mitigates buffer overflow exploitation through memory safeguards such as stack canaries, ASLR, and DEP, which hinder arbitrary code execution.

Security Summary (AI)

CVE-2019-25364 is a buffer overflow vulnerability in MailCarrier 2.51, specifically affecting the POP3 USER command within the POP3 service. Remote attackers can trigger the flaw by sending a crafted oversized buffer, which overwrites memory and enables arbitrary code execution. The vulnerability is classified under CWE-121 (stack-based buffer overflow) and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical.

The attack requires no privileges, authentication, or user interaction, so an unauthenticated remote attacker can exploit it over the network with low complexity. Successful exploitation grants remote code execution, potentially leading to full remote system access and high-impact compromise of confidentiality, integrity, and availability.

Advisories and related resources, including a proof-of-concept exploit on Exploit-DB (ID 47554), are available at VulnCheck (win-mailcarrier-pop-user-remote-buffer-overflow advisory) and TabsLab. No specific patch or mitigation details are provided in the core CVE information.

Details

CWE(s)

Affected Products

Vendor: tabslab
Product: mailcarrier
Version: 2.51

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is a remote buffer overflow in a public-facing POP3 service (MailCarrier), enabling unauthenticated remote code execution, directly mapping to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
