CVE-2019-25655
Received - Intake
Denial of Service in Device Monitoring Studio Server Connection Dialog

Publication date: 2026-03-30

Last updated on: 2026-04-08

Assigner: VulnCheck

Description
Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection dialog. Attackers can trigger the crash by entering a malformed server name or address containing repeated characters through the Tools menu Connect to New Server interface.
Meta Information
Published: 2026-03-30
Last Modified: 2026-04-08
Generated: 2026-06-16
AI Q&A: 2026-03-30
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
hhdsoftware | device_monitoring_studio | 8.10.00.8925
CWE ID | Description
CWE-1316 | The address map of the on-chip fabric has protected and unprotected regions overlapping, allowing an attacker to bypass access control to the overlapping portion of the protected region.
Executive Summary

CVE-2019-25655 is a denial of service vulnerability in Device Monitoring Studio version 8.10.00.8925 and earlier. It occurs when a local attacker supplies an excessively long string as a malformed server name or address in the "Connect to New Server" dialog accessed via the Tools menu. This input, containing repeated characters, causes the application to crash due to a buffer overflow condition in the Fabric-Address Map component.

Impact Analysis

This vulnerability can cause the Device Monitoring Studio application to crash, resulting in a denial of service. An attacker with local access can exploit this by entering a malformed server name or address with repeated characters, making the application unstable and unavailable to legitimate users.

Detection Guidance

This vulnerability can be detected by attempting to reproduce the crash condition locally on the affected Device Monitoring Studio application.

A proof-of-concept method involves using a script to generate a long string of repeated characters and inputting it into the 'Connect to New Server' dialog under the Tools menu.

  • Run the provided Python script `Device_Monitoring_Studio_8.10.00.8925.py` to generate a file containing a long string of 1000 'A' characters.
  • Open the generated `code.txt` file and copy its contents to the clipboard.
  • Launch Device Monitoring Studio.
  • Navigate to the Tools menu and select 'Connect to New Server.'
  • Paste the copied long string into the server name or address input field and confirm by clicking 'Ok.'

If the application crashes, the vulnerability is present.

Compliance Impact

The provided information does not specify any direct impact of this denial of service vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

To mitigate the denial of service vulnerability in Device Monitoring Studio 8.10.00.8925, avoid entering excessively long or malformed server names or addresses in the "Connect to New Server" dialog accessed via the Tools menu.

Restrict local access to the application to trusted users only, as the vulnerability requires local attacker interaction.

Monitor for any updates or patches from the vendor that address this issue and apply them as soon as they become available.
