CVE-2019-25646

CriticalPublic PoC

Published: 24 March 2026

Published

24 March 2026

Modified

25 March 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0068 71.6th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Attackers can connect to the SMTP service on port 25…

and send a malicious MAIL FROM command with an oversized buffer to overwrite the EIP register and execute a bind shell payload.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly enforces validation of information inputs like the MAIL FROM SMTP command parameter to prevent buffer overflows from oversized crafted inputs.

SI-2 Flaw Remediation good match

prevent

Mandates timely identification, reporting, and correction of flaws such as the buffer overflow vulnerability in Tabs Mail Carrier.

SI-16 Memory Protection good match

prevent

Implements memory protections to prevent unauthorized code execution from buffer overflow exploits that overwrite the EIP register.

Security SummaryAI

Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability (CWE-787) in the MAIL FROM SMTP command, enabling remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter with an oversized buffer. This flaw affects the SMTP service listening on port 25 and has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for complete system compromise.

Remote attackers can exploit this vulnerability without authentication or user interaction by connecting directly to the exposed SMTP service on TCP port 25 and transmitting a malicious MAIL FROM command. The oversized buffer overwrites the EIP register, allowing control flow hijacking and execution of payloads such as a bind shell, granting attackers full remote code execution capabilities on the target system.

Advisories and proof-of-concept exploits detail the vulnerability, with an exploit available at https://www.exploit-db.com/exploits/46547 and further analysis in the VulnCheck advisory at https://www.vulncheck.com/advisories/tabs-mail-carrier-buffer-overflow-via-mail-from. No specific patches are mentioned in the provided information.

Details

CWE(s): CWE-787

Affected Products

tabslab

mailcarrier

2.5.1

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Buffer overflow in public-facing SMTP service (port 25) enables unauthenticated remote code execution, directly mapping to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://www.exploit-db.com/exploits/46547
Exploit, Third Party Advisory, VDB Entry · disclosure@vulncheck.com
https://www.vulncheck.com/advisories/tabs-mail-carrier-buffer-overflow-via-mail-from
Third Party Advisory · disclosure@vulncheck.com