{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25463", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-02-22T14:03:36.017Z", "datePublished": "2026-03-11T18:23:08.281Z", "dateUpdated": "2026-04-07T14:04:22.548Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-07T14:04:22.548Z"}, "title": "SpotIE Internet Explorer Password Recovery 2.9.5 Key Field DoS", "descriptions": [{"lang": "en", "value": "SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 256-character payload into the Key field during registration to trigger a buffer overflow and crash the application."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "Nsauditor", "product": "SpotIE Internet Explorer Password Recovery", "versions": [{"version": "2.9.5", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/47404", "name": "ExploitDB-47404", "tags": ["exploit"]}, {"name": "VulnCheck Advisory: SpotIE Internet Explorer Password Recovery 2.9.5 Key Field DoS", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/spotie-internet-explorer-password-recovery-key-field-dos"}], "credits": [{"lang": "en", "value": "Emilio Revelo", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2019-09-20T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25463", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-11T18:44:47.718034Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T19:31:03.904Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25463", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-11T18:44:47.718034Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T19:23:12.010Z"}}], "cna": {"title": "SpotIE Internet Explorer Password Recovery 2.9.5 Key Field DoS", "credits": [{"lang": "en", "type": "finder", "value": "Emilio Revelo"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Nsauditor", "product": "SpotIE Internet Explorer Password Recovery", "versions": [{"status": "affected", "version": "2.9.5"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/47404", "name": "ExploitDB-47404", "tags": ["exploit"]}, {"url": "https://www.vulncheck.com/advisories/spotie-internet-explorer-password-recovery-key-field-dos", "name": "VulnCheck Advisory: SpotIE Internet Explorer Password Recovery 2.9.5 Key Field DoS", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 256-character payload into the Key field during registration to trigger a buffer overflow and crash the application."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-11T18:23:08.281Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25463", "state": "PUBLISHED", "dateUpdated": "2026-03-11T19:31:03.904Z", "dateReserved": "2026-02-22T14:03:36.017Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-11T18:23:08.281Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 256-character payload into the Key field during registration to trigger a buffer overflow and crash the application."}, {"lang": "es", "value": "SpotIE Internet Explorer Password Recovery 2.9.5 contiene una vulnerabilidad de denegaci\u00f3n de servicio en el campo de entrada de la clave de registro que permite a atacantes locales bloquear la aplicaci\u00f3n al introducir una cadena excesivamente larga. Los atacantes pueden pegar una carga \u00fatil de 256 caracteres en el campo Key durante el registro para desencadenar un desbordamiento de b\u00fafer y bloquear la aplicaci\u00f3n."}], "id": "CVE-2019-25463", "lastModified": "2026-04-15T14:56:45.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-11T19:15:59.260", "references": [{"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/47404"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/spotie-internet-explorer-password-recovery-key-field-dos"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.9.5"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "SpotIE Internet Explorer Password Recovery", "source": "cna", "vendor": "Nsauditor"}, "product": "spotie_internet_explorer_password_recovery", "vendor": "nsauditor"}], "analysis": {"en": {"generated_at": "2026-03-17T15:08:39.267325+00:00", "value": {"mitigation_remediation": ["Apply any vendor patch or update to SpotIE Internet Explorer Password Recovery that addresses the key field buffer overflow.", "If no patch is available, restrict local access to the application or disable the registration feature to prevent exploitation.", "Verify the fix by attempting to register with a 256\u2011character key to ensure the application no longer crashes."], "summary": {"action": "Patch Update", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Affected product: Nsauditor:SpotIE Internet Explorer Password Recovery version 2.9.5. No additional version detail is supplied by the CNA. The flaw is local, requiring the attacker to run the application on the target machine or be able to manipulate the registration form in that environment.", "description_and_impact": "SpotIE Internet Explorer Password Recovery 2.9.5 includes a buffer overflow vulnerability (CWE-787) in the registration key input field. An attacker with local access can paste a 256\u2011character payload into the Key field during registration to trigger the overflow and crash the application, resulting in a denial\u2011of\u2011service condition. The crash limits the impact to application availability; it does not provide direct access to sensitive data or further code execution.", "risk_and_exploitability": "The CVSS score of 6.9 indicates a medium severity vulnerability. EPSS is below 1%, reflecting a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Attackers need local access; thus the risk is confined to availability. The medium CVSS score together with the low EPSS suggest that the overall risk to systems is moderate but primarily limited to service disruption."}}}}, "created": "2026-03-12T09:57:20.691756+00:00", "updated": "2026-03-20T15:29:55.229458+00:00", "vendors": ["nsauditor", "nsauditor$PRODUCT$spotie_internet_explorer_password_recovery"]}