{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25569", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-21T12:36:51.381Z", "datePublished": "2026-03-21T12:47:09.361Z", "dateUpdated": "2026-03-23T20:09:18.372Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-21T12:47:09.361Z"}, "title": "RealTerm Serial Terminal 2.0.0.70 SEH Overflow Crash", "descriptions": [{"lang": "en", "value": "RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception handler (SEH) chain corruption. Attackers can craft a malicious input string with 268 bytes of padding followed by SEH overwrite values and paste it into the Port field to cause denial of service."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "Realterm", "product": "RealTerm: Serial Terminal", "versions": [{"version": "2.0.0.70", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46391", "name": "ExploitDB-46391", "tags": ["exploit"]}, {"url": "https://realterm.sourceforge.io/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://sourceforge.net/projects/realterm/files/", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: RealTerm Serial Terminal 2.0.0.70 SEH Overflow Crash", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/realterm-serial-terminal-seh-overflow-crash"}], "credits": [{"lang": "en", "value": "Alejandra S\u00e1nchez", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2019-02-18T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T20:07:54.220366Z", "id": "CVE-2019-25569", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T20:09:18.372Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25569", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T20:07:54.220366Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T20:08:55.739Z"}}], "cna": {"title": "RealTerm Serial Terminal 2.0.0.70 SEH Overflow Crash", "credits": [{"lang": "en", "type": "finder", "value": "Alejandra S\u00e1nchez"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Realterm", "product": "RealTerm: Serial Terminal", "versions": [{"status": "affected", "version": "2.0.0.70"}]}], "datePublic": "2019-02-18T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46391", "name": "ExploitDB-46391", "tags": ["exploit"]}, {"url": "https://realterm.sourceforge.io/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://sourceforge.net/projects/realterm/files/", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/realterm-serial-terminal-seh-overflow-crash", "name": "VulnCheck Advisory: RealTerm Serial Terminal 2.0.0.70 SEH Overflow Crash", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception handler (SEH) chain corruption. Attackers can craft a malicious input string with 268 bytes of padding followed by SEH overwrite values and paste it into the Port field to cause denial of service."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-21T12:47:09.361Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25569", "state": "PUBLISHED", "dateUpdated": "2026-03-23T20:09:18.372Z", "dateReserved": "2026-03-21T12:36:51.381Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-21T12:47:09.361Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:crun:realterm:2.0.0.70:*:*:*:*:*:*:*", "matchCriteriaId": "CBB4049D-EE6D-4CA8-B20B-5F32A28157EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception handler (SEH) chain corruption. Attackers can craft a malicious input string with 268 bytes of padding followed by SEH overwrite values and paste it into the Port field to cause denial of service."}, {"lang": "es", "value": "RealTerm Serial Terminal 2.0.0.70 contiene una vulnerabilidad de desbordamiento de b\u00fafer basado en pila en el campo Echo Port que permite a atacantes locales bloquear la aplicaci\u00f3n al desencadenar una corrupci\u00f3n de la cadena de gestores de excepciones estructuradas (SEH). Los atacantes pueden crear una cadena de entrada maliciosa con 268 bytes de relleno seguida de valores de sobrescritura de SEH y pegarla en el campo Port para causar denegaci\u00f3n de servicio."}], "id": "CVE-2019-25569", "lastModified": "2026-03-24T20:43:05.600", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-21T13:16:20.653", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://realterm.sourceforge.io/"}, {"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://sourceforge.net/projects/realterm/files/"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46391"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/realterm-serial-terminal-seh-overflow-crash"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "2.0.0.70"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "RealTerm: Serial Terminal", "source": "cna", "vendor": "Realterm"}, "product": "realterm:_serial_terminal", "vendor": "realterm"}], "analysis": {"en": {"generated_at": "2026-03-24T21:56:26.909063+00:00", "value": {"mitigation_remediation": ["Upgrade to the latest RealTerm release that fixes the buffer\u2011overflow issue.", "If an upgrade cannot be performed immediately, avoid using the Echo Port feature or uninstall the application until a patch is available."], "summary": {"action": "Apply Patch", "impact": "Denial of Service via stack-based buffer overflow"}, "threat_synthesis": {"affected_systems": "The vulnerability is limited to the Serial Terminal product from Realterm, specifically version 2.0.0.70. No other releases or vendors appear to be affected.", "description_and_impact": "A stack\u2011based buffer overflow occurs in the Echo Port field of the Serial Terminal application. A local user can create a 268\u2011byte input that overwrites the structured\u2011exception\u2011handler control data, causing the program to crash. The flaw does not provide code execution; its principal consequence is that the application becomes unavailable to anyone who opens it.", "risk_and_exploitability": "The issue scores a 6.9 on the CVSS scale, reflecting moderate severity. Its exploitation likelihood is reported to be below one percent, and it does not appear in national threat catalogs. Exploitation requires local interaction with the application\u2019s input field, and a working exploit is documented in publicly accessible exploit collections. The combination of limited impact and low exploitation probability keeps overall risk moderate, though the local nature of the attack means that any user with access to the application should consider addressing it promptly."}}}}, "created": "2026-03-23T09:49:12.067941+00:00", "updated": "2026-03-25T14:47:14.641317+00:00", "vendors": ["realterm", "realterm$PRODUCT$realterm:_serial_terminal"]}