Vulnerabilities ›

CVE-2019-25607

High

CWE-787 — Weakness Type

                    Published: Mar 22, 2026                      ·  Modified: Mar 29, 2026                      ·  Source: NVD                

CVSS v3

8.4

🔗 NVD Official

📄 Description (English)

Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer and execute shellcode with system privileges.

🤖 AI Executive Summary

CVE-2019-25607 is a critical stack-based buffer overflow vulnerability in Axessh 4.2 affecting the log file name field, allowing local attackers to execute arbitrary code with system privileges. With a CVSS score of 8.4 and no available patch, this vulnerability poses significant risk to organizations using Axessh for SSH access management. The vulnerability requires local access but enables complete system compromise through instruction pointer overwriting.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 24, 2026 09:21

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily impacts Saudi government agencies, financial institutions, and critical infrastructure operators using Axessh for SSH access management and logging. High-risk sectors include: SAMA-regulated banking institutions relying on Axessh for secure administrative access, NCA-supervised government networks, Saudi Aramco and energy sector facilities using Axessh for infrastructure management, STC and telecom operators managing network access, and healthcare facilities using SSH-based remote administration. The local attack vector limits exposure but poses severe risk to insider threats and compromised user accounts within these organizations.

🏢 Affected Saudi Sectors

Banking and Financial Services (SAMA-regulated) Government and Public Administration (NCA-supervised) Energy and Utilities (Saudi Aramco, KACARE) Telecommunications (STC, Mobily, Zain) Healthcare and Medical Facilities Critical Infrastructure Defense and Security Agencies

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1548 - Abuse Elevation Control Mechanism T1548.004 - Abuse Elevation Control Mechanism: Elevated Execution with Prompt T1543 - Create or Modify System Process T1055 - Process Injection T1574 - Hijack Execution Flow T1134 - Access Token Manipulation T1547 - Boot or Logon Autostart Execution

⚖️ Saudi Risk Score (AI)

8.2

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Inventory all systems running Axessh 4.2 and document their criticality and network exposure

2. Restrict local access to systems running Axessh through privilege escalation controls and account management

3. Implement strict file permission controls on log directories to prevent unauthorized log file creation

4. Monitor for suspicious process execution and stack-based exploitation attempts



Compensating Controls (until patch available):

1. Disable Axessh logging functionality if operationally feasible, or redirect logs to read-only mounted filesystems

2. Implement application whitelisting to prevent arbitrary code execution

3. Deploy ASLR (Address Space Layout Randomization) and DEP/NX protections at OS level

4. Restrict local user access through strict SSH key management and disable password-based authentication

5. Implement file integrity monitoring on Axessh binaries and configuration files



Detection Rules:

1. Monitor for processes spawned from Axessh with unexpected parent-child relationships

2. Alert on attempts to create log files with excessively long filenames (>256 characters)

3. Track unauthorized modifications to Axessh process memory or instruction pointer changes

4. Log all local SSH sessions and failed authentication attempts

5. Monitor system calls for stack manipulation and shellcode execution patterns

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. حصر جميع الأنظمة التي تعمل بـ Axessh 4.2 وتوثيق أهميتها والتعرض على الشبكة

2. تقييد الوصول المحلي للأنظمة التي تعمل بـ Axessh من خلال عناصر تحكم تصعيد الامتيازات وإدارة الحسابات

3. تطبيق عناصر تحكم صارمة في أذونات الملفات على دلائل السجلات لمنع إنشاء ملفات سجل غير مصرح بها

4. مراقبة محاولات تنفيذ العمليات المريبة والاستغلال القائم على المكدس

عناصر التحكم التعويضية (حتى توفر التصحيح):

1. تعطيل وظيفة تسجيل Axessh إن أمكن من الناحية التشغيلية، أو إعادة توجيه السجلات إلى أنظمة ملفات مثبتة بقراءة فقط

2. تطبيق قائمة بيضاء للتطبيقات لمنع تنفيذ الكود العشوائي

3. نشر ASLR و DEP/NX على مستوى نظام التشغيل

4. تقييد وصول المستخدمين المحليين من خلال إدارة مفاتيح SSH الصارمة وتعطيل المصادقة القائمة على كلمة المرور

5. تطبيق مراقبة سلامة الملفات على ملفات Axessh الثنائية وملفات التكوين

قواعد الكشف:

1. مراقبة العمليات المنبثقة من Axessh مع علاقات الوالد والطفل غير المتوقعة

2. التنبيه على محاولات إنشاء ملفات سجل بأسماء طويلة بشكل مفرط (>256 حرف)

3. تتبع التعديلات غير المصرح بها على ذاكرة عملية Axessh أو تغييرات مؤشر التعليمات

4. تسجيل جميع جلسات SSH المحلية ومحاولات المصادقة الفاشلة

5. مراقبة استدعاءات النظام لأنماط معالجة المكدس وتنفيذ shellcode

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.5.1.1 - Information security policies and procedures A.5.2.1 - User access management and privilege control A.5.3.1 - Cryptographic controls for SSH access A.5.4.1 - Logging and monitoring of access events A.5.5.1 - Vulnerability management and patching

🔵 SAMA CSF

Identify - Asset Management (ID.AM-1, ID.AM-2) Protect - Access Control (PR.AC-1, PR.AC-2, PR.AC-3) Protect - Data Security (PR.DS-1, PR.DS-2) Detect - Anomalies and Events (DE.AE-1, DE.AE-2) Respond - Response Planning (RS.RP-1)

🟡 ISO 27001:2022

A.5.1.1 - Policies for information security A.5.2.1 - User registration and access rights A.5.2.2 - Privileged access rights A.5.2.3 - User access review A.5.3.1 - Cryptography A.5.4.1 - Event logging A.5.4.2 - Protection of log information A.8.1.1 - Vulnerability management

🟣 PCI DSS v4.0.1

Requirement 2.1 - Change default passwords Requirement 6.2 - Security patches and updates Requirement 7.1 - Limit access to system components Requirement 8.1 - User identification and authentication Requirement 10.2 - Implement automated audit trails

🔗 References & Sources 6

🔗

http://www.labf.com

disclosure@vulncheck.com

🔗

http://www.labf.com/download/axessh.exe

disclosure@vulncheck.com

🔗

https://www.exploit-db.com/exploits/46858

disclosure@vulncheck.com

🔗

https://www.exploit-db.com/exploits/46922

disclosure@vulncheck.com

🔗

https://www.exploit-db.com/shellcodes/46281

disclosure@vulncheck.com

🔗

https://www.vulncheck.com/advisories/axessh-local-stack-based-buffer-overflow-via-log-f...

disclosure@vulncheck.com

📊 CVSS Score

8.4

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score8.4

CWECWE-787

Exploit No

Patch ✗ No

Published 2026-03-22

Source Feed nvd

🇸🇦 Saudi Risk Score

8.2

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

CWE-787

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2019-25607

💬 Comments

Introduce Yourself

Sign In Required