CVE-2019-25475
Received Received - Intake
Buffer Overflow in SQL Server Password Changer Causes DoS

Publication date: 2026-03-11

Last updated on: 2026-03-11

Assigner: VulnCheck

Description
SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code field to trigger a denial of service condition.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-11
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2026-03-11
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25475
EUVD
EUVD-2019-19752
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
top-password sql_server_password_changer 1.90
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25475 is a buffer overflow vulnerability in SQL Server Password Changer version 1.90. It occurs when a local attacker supplies an oversized payloadβ€”specifically, up to 6000 bytes of dataβ€”into the User Name and Registration Code fields. This causes the application to crash, resulting in a denial of service condition.

The vulnerability arises because the application does not properly handle excessively large input, leading to an out-of-bounds write (buffer overflow). This instability can be triggered by pasting a large buffer of data into the input fields and submitting it.

Impact Analysis

This vulnerability can impact you by causing the SQL Server Password Changer application to crash, resulting in a denial of service (DoS).

Since the vulnerability requires local access and does not allow remote code execution or privilege escalation, the primary impact is the unavailability of the application while it is crashed.

This could disrupt workflows or processes that depend on the application, potentially causing inconvenience or downtime.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the buffer overflow condition in the SQL Server Password Changer application version 1.90.'}, {'type': 'paragraph', 'content': "A practical detection method involves creating a payload file containing 6000 'A' characters and injecting it into the 'User Name and Registration Code' input field of the application to observe if it crashes."}, {'type': 'list_item', 'content': "Run the Python script 'Outlook Password Recovery.py' to generate a file named 'Evil.txt' containing the large buffer payload."}, {'type': 'list_item', 'content': "Open SQL Server Password Changer and select the 'EnterKey' option."}, {'type': 'list_item', 'content': "Paste the contents of 'Evil.txt' into the 'User Name and Registration Code' input field."}, {'type': 'list_item', 'content': "Click 'OK' and check if the application crashes, indicating the presence of the vulnerability."}] [1]

Mitigation Strategies

Immediate mitigation steps include avoiding the use of SQL Server Password Changer version 1.90 or earlier, as the vulnerability is triggered by local input to the application.

If continued use is necessary, restrict local access to the application to trusted users only to prevent exploitation.

Monitor for application crashes that may indicate attempted exploitation.

Check for updates or patches from the vendor (https://www.top-password.com/) that address this buffer overflow vulnerability and apply them as soon as they become available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25475. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart