CVE-2019-25547
Received - Intake
Buffer Overflow in NetAware 1.20 User Blocking Causes Crash

Publication date: 2026-03-21

Last updated on: 2026-03-23

Assigner: VulnCheck

Description
NetAware 1.20 contains a buffer overflow vulnerability in the User Blocking feature that allows local attackers to crash the application by supplying oversized input. Attackers can paste a malicious buffer of 512 bytes into the 'Add a website or keyword to be filtered' field and trigger a crash when removing the created block.
Meta Information
Published: 2026-03-21
Last Modified: 2026-03-23
Generated: 2026-06-16
AI Q&A: 2026-03-21
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: spytech-web
Product: netaware
Version / Range: 1.20
CWE
CWE-787: The product writes data past the end, or before the beginning, of the intended buffer.
Executive Summary

CVE-2019-25547 is a buffer overflow vulnerability in NetAware version 1.20, specifically in the User Blocking feature. It occurs when a local attacker supplies an oversized input buffer of 512 bytes into the 'Add a website or keyword to be filtered' field. This causes an out-of-bounds write that leads to the application crashing when the created block is removed. [1, 2]

Impact Analysis

This vulnerability can be exploited by local attackers to cause a denial of service (DoS) by crashing the NetAware application. The crash happens when the attacker pastes a malicious 512-byte buffer into the filtering input field and then removes the created block, leading to application instability and unavailability.

Detection Guidance

This vulnerability can be detected by reproducing the conditions that trigger the buffer overflow in NetAware 1.20. Specifically, you can test the 'Add a website or keyword to be filtered' input field in the User Blocking feature by supplying an oversized input buffer of 512 bytes.

A practical detection method involves using the provided proof-of-concept exploit steps:

- Run the Python script 'NetAware.py' to generate a file named 'NetAware.txt' containing 512 'A' characters.
- Copy the contents of 'NetAware.txt' to the clipboard.
- Open the NetAware application and navigate to 'Settings' > 'User Blocking'.
- Click 'Add Block', paste the clipboard content into the input field, and confirm by clicking 'OK'.
- Select the newly created block and click 'Remove' to trigger the crash, confirming the presence of the vulnerability.

[1]

Mitigation Strategies

Immediate mitigation steps include avoiding the use of the 'Add a website or keyword to be filtered' input field with inputs larger than expected, especially inputs of 512 bytes or more.

Restrict local access to the NetAware application to trusted users only, as the vulnerability requires local attacker interaction.

Monitor for application crashes related to the User Blocking feature and consider disabling or limiting this feature until a patch or update is available. [2]
