CVE-2019-25637
Local Buffer Overflow in X-NetStat Pro 5.63 Enables Code Execution
Publication date: 2026-03-24
Last updated on: 2026-03-24
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netstat | x-netstat_pro | 5.63 |
| fresh_software | x-netstat_pro | 5.63 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability allows a local attacker to execute arbitrary code on the affected system with the privileges of the vulnerable application. This means an attacker could run malicious programs, potentially leading to full system compromise.
Because the exploit overwrites the EIP register and executes injected shellcode, attackers can perform actions such as installing malware, stealing data, or disrupting system operations.
The high CVSS scores (8.4 in v3.1 and 8.6 in v4.0) reflect the severity and potential impact of this vulnerability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the exploit steps locally on the affected system running X-NetStat Pro 5.63.'}, {'type': 'paragraph', 'content': 'A practical detection method involves running the provided Python script (X-NetStat.py) which generates exploit files, then using the applicationβs HTTP Client and Rules features to inject the egghunter shellcode and payload.'}, {'type': 'list_item', 'content': 'Run the Python script `X-NetStat.py` to generate the exploit files (`egg.txt`, `egghunter-winxp-win7.txt`, `egghunter-win10.txt`).'}, {'type': 'list_item', 'content': 'In X-NetStat Pro, navigate to Tools β HTTP Client and paste the contents of `egg.txt` into the URL field, then close the HTTP Client.'}, {'type': 'list_item', 'content': 'Add a new rule under Rules β Add New Rule β Actions, and paste the appropriate egghunter shellcode file (`egghunter-winxp-win7.txt` or `egghunter-win10.txt`) into the "Run Program" field.'}, {'type': 'list_item', 'content': 'Wait briefly to see if the shellcode executes (e.g., launching calc.exe), indicating the vulnerability is present.'}, {'type': 'paragraph', 'content': 'Alternatively, importing a bulk IP list with the egghunter shellcode pasted into the IP list field and opening it can also trigger the exploit.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
I don't know
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2019-25637 is a local buffer overflow vulnerability in X-NetStat Pro version 5.63 that allows local attackers to execute arbitrary code. The vulnerability occurs due to a 264-byte buffer overflow that overwrites the Extended Instruction Pointer (EIP) register.'}, {'type': 'paragraph', 'content': 'Attackers exploit this by injecting shellcode into memory and using an egg hunter technique, which is a small piece of code that searches memory for the larger payload (the "egg") and executes it. The overflow can be triggered when the application processes malicious input through its HTTP Client or Rules functionality.'}, {'type': 'paragraph', 'content': 'The exploit involves running a script to generate shellcode files, injecting the shellcode via the HTTP Client or Rules interface, and then triggering execution, often demonstrated by launching a calculator application as proof of concept.'}] [1, 2]