CVE-2019-25469
Received Received - Intake

Buffer Overflow in Folder Lock 7.7.9 Causes Local DoS

Vulnerability report for CVE-2019-25469, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-11

Last updated on: 2026-03-11

Assigner: VulnCheck

Description

Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. Attackers can paste a 6000-byte buffer of arbitrary data into the 'Serial Number and Registration Key' field to trigger a denial of service condition.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-11
Last Modified
2026-03-11
Generated
2026-07-06
AI Q&A
2026-03-11
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
folder_lock folder_lock 7.7.9
folder_lock folder_lock to 7.7.9 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2019-25469 is a buffer overflow vulnerability in Folder Lock version 7.7.9. It occurs in the serial number registration field where local attackers can input an oversized payload, specifically a 6000-byte buffer of arbitrary data, causing the application to crash.'}, {'type': 'paragraph', 'content': "The vulnerability is triggered by pasting a very large string into the 'Serial Number and Registration Key' field, which overflows the buffer and leads to a denial of service condition."}] [1, 2]

Impact Analysis

This vulnerability can cause Folder Lock to crash, resulting in a denial of service (DoS) condition. An attacker with local access can exploit this by submitting a large payload to the serial number registration field, making the application unresponsive or unusable.

Since the attack requires local access and no special privileges or user interaction, it mainly impacts availability of the application rather than confidentiality or integrity.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by attempting to reproduce the buffer overflow condition in Folder Lock version 7.7.9. The detection involves creating a specially crafted payload of 6000 characters and pasting it into the 'Serial Number and Registration Key' field of the application to observe if it crashes."}, {'type': 'list_item', 'content': "Run the provided Python script (Folder_Lock.py) from the exploit to generate a file named 'Evil.txt' containing 6000 'A' characters."}, {'type': 'list_item', 'content': "Open 'Evil.txt' and copy its contents to the clipboard."}, {'type': 'list_item', 'content': "Launch Folder Lock and navigate to the 'Enter Key' section."}, {'type': 'list_item', 'content': "Paste the copied content into the 'Serial Number and Registration Key' input field."}, {'type': 'list_item', 'content': "Click 'Submit' and observe if the application crashes, indicating the presence of the vulnerability."}] [1]

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25469. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart