CVE-2019-25659
Received Received - Intake
Local Buffer Overflow in ASPRunner Professional Causes DoS

Publication date: 2026-04-05

Last updated on: 2026-04-05

Assigner: VulnCheck

Description
ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long project name. Attackers can paste 180 or more characters into the Project name field during project creation to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-05
Last Modified
2026-04-05
Generated
2026-06-16
AI Q&A
2026-04-06
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25659
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
asprunner professional 6.0.766
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

ASPRunner Professional 6.0.766 has a local buffer overflow vulnerability. This occurs when an attacker inputs a project name that is excessively longβ€”specifically, 180 or more charactersβ€”during project creation. This causes the application to crash.

Impact Analysis

The vulnerability can cause a denial of service (DoS) by crashing the application when an attacker supplies a very long project name. This disrupts normal operation and availability of the software.

Detection Guidance

This vulnerability can be detected by attempting to reproduce the issue on the ASPRunner Professional 6.0.766 application. Specifically, by supplying a project name with 180 or more characters during project creation, you can check if the application crashes, indicating the presence of the buffer overflow.

There are no specific network detection commands or signatures provided for this vulnerability.

Mitigation Strategies

Immediate mitigation steps include avoiding the use of excessively long project names (180 or more characters) during project creation in ASPRunner Professional 6.0.766 to prevent triggering the buffer overflow and application crash.

Since this is a local buffer overflow vulnerability, restricting access to the application to trusted users and environments can reduce the risk of exploitation.

Applying any available patches or updates from the vendor once released is recommended to fully address the vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25659. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart