CVE-2019-25583
Denial of Service via Buffer Overflow in RarmaRadio Username Field

Publication date: 2026-03-22

Last updated on: 2026-03-24

Assigner: VulnCheck

Description
RarmaRadio 2.72.3 contains a denial of service vulnerability in the Username field that allows local attackers to crash the application by submitting excessively long input. Attackers can paste a buffer of 5000 bytes into the Username field via Settings > Network to trigger an application crash.
Meta Information

Published: 2026-03-22
Last Modified: 2026-03-24
Generated: 2026-06-16
AI Q&A: 2026-03-22
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Showing 1 associated CPE
Vendor: raimersoft
Product: rarmaradio
Version / Range: 2.72.3
CWE
CWE ID: CWE-1282
Description: Immutable data, such as a first-stage bootloader, device identifiers, and "write-once" configuration settings are stored in writable memory that can be re-programmed or updated in the field.
Executive Summary

CVE-2019-25583 is a denial of service vulnerability in RarmaRadio version 2.72.3. It occurs because the application does not properly handle excessively long input in the Username field under Settings > Network.

A local attacker can exploit this by pasting a buffer of 5000 bytes into the Username field, which causes the application to crash.

Impact Analysis

This vulnerability can cause the RarmaRadio application to crash, resulting in a denial of service condition.

Since the attack requires local access and no privileges or user interaction, an attacker with local access can disrupt the availability of the application.

The impact is limited to availability, with no direct impact on confidentiality or integrity.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by attempting to reproduce the denial of service condition locally on the affected system running RarmaRadio 2.72.3. Specifically, you can create a text file containing 5000 'A' characters and then paste this content into the Username field under Settings > Network in the application. If the application crashes upon confirming the input, the vulnerability is present.

There are no specific network detection commands since this is a local vulnerability triggered via the application's GUI. Detection involves manual testing rather than network scanning.

- Create a file named rarma_user.txt containing 5000 'A' characters (e.g., using a command like `python -c "print('A'*5000)" > rarma_user.txt`).
- Open the file, copy its contents to the clipboard.
- Open RarmaRadio, navigate to Settings > Network, paste the clipboard content into the Username field, and click OK.

If the application crashes, the vulnerability is confirmed. [1, 2]

Mitigation Strategies

To mitigate this vulnerability immediately, avoid entering or pasting excessively long input (such as 5000 bytes) into the Username field in RarmaRadio's Settings > Network.

Restrict local access to the application to trusted users only, as the vulnerability requires local interaction.

Monitor for application crashes and avoid using the vulnerable version 2.72.3 of RarmaRadio until a patched version is available.

Consider contacting the vendor or checking their website for updates or patches that address this denial of service vulnerability. [1, 2]
