CVE-2019-25545
Received Received - Intake
Local Buffer Overflow in Terminal Services Manager 3.2.1 Causes DoS

Publication date: 2026-03-21

Last updated on: 2026-04-16

Assigner: VulnCheck

Description
Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string in the computer name field. Attackers can input a 5000-byte buffer of data into the 'Computer name or IP address' field during computer addition, causing a denial of service when the server entry is accessed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-21
Last Modified
2026-04-16
Generated
2026-06-16
AI Q&A
2026-03-21
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25545
EUVD
EUVD-2019-19839
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
lizardsystems terminal_services_manager 3.2.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2019-25545 is a local buffer overflow vulnerability in Terminal Services Manager version 3.2.1. It occurs when an attacker inputs an excessively long stringβ€”specifically, a 5000-byte bufferβ€”into the "Computer name or IP address" field during the addition of a computer entry.'}, {'type': 'paragraph', 'content': 'This oversized input causes an out-of-bounds write that crashes the application, resulting in a denial of service (DoS). The vulnerability can be triggered locally without any privileges or user interaction.'}] [2, 3]

Impact Analysis

This vulnerability can impact you by causing the Terminal Services Manager application to crash when an attacker inputs a very long string in the computer name field.

The crash results in a denial of service (DoS), meaning legitimate users may be unable to use the application or access server entries while the application is down.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability is triggered by inputting an excessively long string (5000 bytes) into the 'Computer name or IP address' field in Terminal Services Manager version 3.2.1. Detection involves monitoring for crashes or denial of service events related to this application when adding or accessing server entries."}, {'type': 'paragraph', 'content': 'Since the vulnerability is local and specific to the Terminal Services Manager application, detection can be done by attempting to reproduce the issue with a test input of a very long string (e.g., 5000 characters) in the computer name field and observing if the application crashes.'}, {'type': 'paragraph', 'content': 'No specific network commands are provided in the resources, but a practical approach is to monitor application logs for crashes or errors related to Terminal Services Manager.'}, {'type': 'paragraph', 'content': "A suggested manual test command could be to create a file with 5000 'A' characters and paste its content into the 'Computer name or IP address' field in the application to check if it crashes, as demonstrated in the exploit."}] [2, 3]

Mitigation Strategies

[{'type': 'paragraph', 'content': "Immediate mitigation involves avoiding inputting excessively long strings (such as 5000 bytes) into the 'Computer name or IP address' field in Terminal Services Manager version 3.2.1."}, {'type': 'paragraph', 'content': 'Since the vulnerability causes a denial of service by crashing the application, restricting access to the Terminal Services Manager to trusted users only and monitoring for unusual input attempts can help reduce risk.'}, {'type': 'paragraph', 'content': 'If available, updating to a fixed or newer version of Terminal Services Manager that addresses this buffer overflow vulnerability is recommended.'}] [2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25545. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart