CVE-2019-25593
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2026-03-22

Last updated on: 2026-03-23

Assigner: VulnCheck

Description
jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Log directory configuration field. Attackers can paste a buffer of 5000 characters into the Log directory input, then click Start to trigger a crash that terminates the server process.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-22
Last Modified
2026-03-23
Generated
2026-06-16
AI Q&A
2026-03-22
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25593
EUVD
EUVD-2019-19928
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1285 The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25593 is a denial of service vulnerability in jetCast Server version 2.0. It occurs because the application does not properly validate the length of input supplied in the Log directory configuration field.

A local attacker can supply an excessively long stringβ€”specifically a buffer of 5000 charactersβ€”into this Log directory field. When the server process is started with this input, it causes a buffer overflow that crashes the application, terminating the server process.

Impact Analysis

This vulnerability can cause the jetCast Server application to crash, resulting in a denial of service condition.

An attacker with local access can exploit this by inputting a very long string into the Log directory configuration, causing the server to terminate unexpectedly.

The impact is that the service provided by the jetCast Server becomes unavailable until it is restarted, potentially disrupting operations that depend on it.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the crash condition on the jetCast Server 2.0 application by supplying an excessively long string in the Log directory configuration field.'}, {'type': 'list_item', 'content': 'Run the provided Python script `jetCast_Server_2.0.py` to generate a test input file.'}, {'type': 'list_item', 'content': 'Open the generated file `jetCast.txt` and copy its contents (a 5000-character string).'}, {'type': 'list_item', 'content': 'Launch the jetCast Server application.'}, {'type': 'list_item', 'content': 'Navigate to the "Config" menu.'}, {'type': 'list_item', 'content': 'Paste the copied 5000-character string into the "Log directory" field.'}, {'type': 'list_item', 'content': 'Click "Ok" and then "Start" to initiate the server.'}, {'type': 'paragraph', 'content': 'If the application crashes or terminates unexpectedly, the vulnerability is present.'}] [1]

Mitigation Strategies

Immediate mitigation steps include avoiding the use of excessively long strings in the Log directory configuration field of jetCast Server 2.0.

Restrict local user access to the jetCast Server configuration to prevent attackers from supplying malicious input.

Monitor the application for crashes and restart the server if it terminates unexpectedly.

Consider applying any available patches or updates from the vendor once released.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25593. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart