CVE-2019-25336

8.4 HIGH

📋 TL;DR

CVE-2019-25336 is a local buffer overflow vulnerability in SpotAuditor's Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. This affects users of SpotAuditor 5.3.2 who run the vulnerable tool locally. Attackers can overwrite the Structured Exception Handler (SEH) to execute shellcode on the compromised system.

💻 Affected Systems

Products:
  • SpotAuditor
Versions: 5.3.2
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the Base64 Encrypted Password tool component of SpotAuditor. Users must have local access to execute the vulnerable tool.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining complete control over the vulnerable machine, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Local privilege escalation or arbitrary code execution in the context of the user running SpotAuditor, allowing attackers to install malware, steal credentials, or pivot to other systems.

🟢 If Mitigated

Limited impact if proper application whitelisting, least privilege principles, and endpoint protection are in place, potentially preventing successful exploitation.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Multiple public exploits exist (Exploit-DB 47719, 47759) demonstrating SEH overwrite techniques. Attackers need local access to the system to execute the vulnerable tool.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.3.3 or later

Vendor Advisory: http://www.nsauditor.com/

Restart Required: No

Instructions:

1. Download the latest version of SpotAuditor from the official website.
2. Uninstall the vulnerable version (5.3.2).
3. Install the patched version (5.3.3 or later).
4. Verify the installation is complete and functioning.

🔧 Temporary Workarounds

Remove or Restrict Access to Vulnerable Tool

windows

Remove the Base64 Encrypted Password tool from the SpotAuditor installation or restrict execution permissions.

Remove the executable file: del "C:\Program Files\SpotAuditor\Base64Tool.exe"
Set restrictive permissions: icacls "C:\Program Files\SpotAuditor\Base64Tool.exe" /deny Everyone:(F)

Application Control/Whitelisting

windows

Implement application whitelisting to prevent execution of the vulnerable tool.

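Using AppLocker: New-AppLockerPolicy has no -Action or -Path parameter and only generates Allow rules, so add a Deny path rule for "C:\Program Files\SpotAuditor\Base64Tool.exe" that applies to Everyone in the AppLocker Executable Rules editor (Local Security Policy or Group Policy).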

🧯 If You Can't Patch

  • Implement strict least privilege principles - ensure users run with minimal necessary permissions to limit impact of exploitation.
  • Deploy endpoint detection and response (EDR) solutions configured to detect buffer overflow exploitation attempts and shellcode execution.

🔍 How to Verify

Check if Vulnerable:

Check SpotAuditor version: Open SpotAuditor, go to Help > About. If version is 5.3.2, the system is vulnerable.

Check Version:

wmic product where name="SpotAuditor" get version
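
The same check can be scripted for an inventory sweep by reading the uninstall registry keys, which avoids the Windows Installer consistency check that Win32_Product queries (including `wmic product`) trigger and also covers non-MSI installs. This is an added example, not vendor or advisory code; the function name `Get-SpotAuditorStatus` is hypothetical, and it assumes the installer registers an uninstall entry whose DisplayName starts with "SpotAuditor".

```powershell
# Added example. Assumption: SpotAuditor registers an uninstall entry whose
# DisplayName starts with "SpotAuditor" and whose DisplayVersion is dotted.
$FixedVersion = [version]'5.3.3'   # first fixed release, per this advisory

# 64-bit, 32-bit (WOW6432Node) and per-user uninstall locations.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-SpotAuditorStatus {
    param([version]$Fixed = $FixedVersion)

    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.PSObject.Properties['DisplayName'] -and
                       $_.DisplayName -like 'SpotAuditor*' } |
        ForEach-Object {
            # DisplayVersion may be missing or malformed; never assume it parses.
            $parsed = $null
            $ok = [version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)

            if (-not $ok) {
                $status = 'Unknown (check Help > About manually)'
            }
            elseif ($parsed -lt $Fixed) {
                $status = 'VULNERABLE'
            }
            else {
                $status = 'Patched'
            }

            [pscustomobject]@{
                Computer   = $env:COMPUTERNAME
                Name       = $_.DisplayName
                Version    = $_.DisplayVersion
                Status     = $status
                InstallDir = $_.InstallLocation
            }
        }
}

# No output means no matching uninstall entry was found on this host.
Get-SpotAuditorStatus | Format-Table -AutoSize
```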

Verify Fix Applied:

Verify SpotAuditor version is 5.3.3 or later. Test the Base64 Encrypted Password tool with known malicious payloads to ensure it no longer crashes or executes arbitrary code.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes of SpotAuditor Base64 tool
  • Unusual process creation from SpotAuditor executable
  • Shellcode execution patterns in memory

Network Indicators:

  • Outbound connections from SpotAuditor process to unexpected destinations
  • Command and control traffic following exploitation

SIEM Query:

(EventID=1000 OR EventID=1001) AND SourceName="Application Error" AND ProcessName="Base64Tool.exe"
