{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25548", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-21T12:24:16.207Z", "datePublished": "2026-03-21T12:46:51.527Z", "dateUpdated": "2026-03-23T15:41:46.727Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-21T12:46:51.527Z"}, "title": "BlueStacks 4.80.0.1060 Denial of Service via Search Field", "descriptions": [{"lang": "en", "value": "BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to the search field. Attackers can paste a buffer of 100,000 'A' characters into the search field and trigger a search operation to cause the application to crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Return of Pointer Value Outside of Expected Range", "cweId": "CWE-466", "type": "CWE"}]}], "affected": [{"vendor": "Bluestacks", "product": "BlueStacks", "versions": [{"version": "4.80.0.1060", "status": "affected"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:bluestacks:bluestacks:4.80.0.1060:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:bluestacks:bluestacks:3.0.0:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:bluestacks:bluestacks:4.270.0:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:bluestacks:bluestacks:4.260.0:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:bluestacks:bluestacks:4.250.0:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:bluestacks:bluestacks:4.240.30:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:bluestacks:bluestacks:4.240.20:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:bluestacks:bluestacks:4.240.15:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:bluestacks:bluestacks:4.240.0:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:bluestacks:bluestacks:4.230.20:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:bluestacks:bluestacks:4.230.10:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:bluestacks:bluestacks:4.230.0:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:bluestacks:bluestacks:4.220.0:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:bluestacks:bluestacks:4.215.0:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:bluestacks:bluestacks:4.210.10:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:bluestacks:bluestacks:4.210.0:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:bluestacks:bluestacks:4.205.0:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:bluestacks:bluestacks:4.200.0:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:bluestacks:bluestacks:4.190.0:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:bluestacks:bluestacks:4.180.10:*:*:*:*:*:*:*"}]}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46893", "name": "ExploitDB-46893", "tags": ["exploit"]}, {"url": "https://www.bluestacks.com", "name": "Official Product Homepage", "tags": ["product"]}, {"name": "VulnCheck Advisory: BlueStacks 4.80.0.1060 Denial of Service via Search Field", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/bluestacks-denial-of-service-via-search-field"}], "credits": [{"lang": "en", "value": "Alejandra S\u00e1nchez", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2019-05-22T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T15:41:40.662603Z", "id": "CVE-2019-25548", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:41:46.727Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25548", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T15:41:40.662603Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:41:43.512Z"}}], "cna": {"title": "BlueStacks 4.80.0.1060 Denial of Service via Search Field", "credits": [{"lang": "en", "type": "finder", "value": "Alejandra S\u00e1nchez"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Bluestacks", "product": "BlueStacks", "versions": [{"status": "affected", "version": "4.80.0.1060"}]}], "datePublic": "2019-05-22T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46893", "name": "ExploitDB-46893", "tags": ["exploit"]}, {"url": "https://www.bluestacks.com", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/bluestacks-denial-of-service-via-search-field", "name": "VulnCheck Advisory: BlueStacks 4.80.0.1060 Denial of Service via Search Field", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to the search field. Attackers can paste a buffer of 100,000 'A' characters into the search field and trigger a search operation to cause the application to crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-466", "description": "Return of Pointer Value Outside of Expected Range"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.80.0.1060:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:bluestacks:bluestacks:3.0.0:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.270.0:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.260.0:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.250.0:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.240.30:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.240.20:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.240.15:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.240.0:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.230.20:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.230.10:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.230.0:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.220.0:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.215.0:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.210.10:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.210.0:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.205.0:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.200.0:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.190.0:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.180.10:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-21T12:46:51.527Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25548", "state": "PUBLISHED", "dateUpdated": "2026-03-23T15:41:46.727Z", "dateReserved": "2026-03-21T12:24:16.207Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-21T12:46:51.527Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.80.0.1060:*:*:*:*:*:*:*", "matchCriteriaId": "E8663920-DF15-4168-88E5-040BC758921F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to the search field. Attackers can paste a buffer of 100,000 'A' characters into the search field and trigger a search operation to cause the application to crash."}, {"lang": "es", "value": "BlueStacks 4.80.0.1060 contiene una vulnerabilidad de denegaci\u00f3n de servicio que permite a atacantes locales bloquear la aplicaci\u00f3n al enviar una entrada de tama\u00f1o excesivo al campo de b\u00fasqueda. Los atacantes pueden pegar un b\u00fafer de 100.000 caracteres 'A' en el campo de b\u00fasqueda y activar una operaci\u00f3n de b\u00fasqueda para hacer que la aplicaci\u00f3n se bloquee."}], "id": "CVE-2019-25548", "lastModified": "2026-04-16T17:52:18.590", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-21T13:16:16.753", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://www.bluestacks.com"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46893"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/bluestacks-denial-of-service-via-search-field"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-466"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "4.80.0.1060"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "BlueStacks", "source": "cna", "vendor": "Bluestacks"}, "product": "bluestacks", "vendor": "bluestacks"}], "analysis": {"en": {"generated_at": "2026-03-21T15:23:30.282586+00:00", "value": {"mitigation_remediation": ["Download and install the latest BlueStacks release, which includes the fix for the search field overflow.", "If a newer release is unavailable, uninstall the current version to prevent accidental crashes.", "Verify that the search field no longer accepts unusually large input strings; consider disabling the feature if the update cannot be installed.", "Consult BlueStacks support or the vendor's security advisory for confirmation of the patch status."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Affected releases span a broad range of BlueStacks versions, from 3.0.0 through 4.80.0.1060, as listed in the Common Platform Enumeration data. Any installation of BlueStacks running a version within this range is vulnerable, regardless of user license or installation setting.", "description_and_impact": "BlueStacks 4.80.0.1060 contains a vulnerability that allows a local user to cause the application to crash by submitting an oversized input to the search field. The buffer overrun in the search component can be triggered by pasting 100,000 \"A\" characters, resulting in a denial\u2011of\u2011service that terminates the emulator. The issue is catalogued as CWE\u2011466.", "risk_and_exploitability": "The CVSS base score of 6.9 marks this flaw as moderately severe, but the lack of an EPSS value and its absence from the CISA KEV list suggest that widespread exploitation has not yet been documented. Because the exploit requires only local access and a simple paste operation, it can be performed in shared or compromised environments where an attacker can interact with the user interface."}}}}, "created": "2026-03-23T09:49:31.919122+00:00", "updated": "2026-03-25T14:47:34.641856+00:00", "vendors": ["bluestacks", "bluestacks$PRODUCT$bluestacks"]}