{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25618", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-22T13:32:07.387Z", "datePublished": "2026-03-22T13:38:49.725Z", "dateUpdated": "2026-03-24T15:14:27.527Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T13:38:49.725Z"}, "datePublic": "2019-04-12T00:00:00.000Z", "title": "AdminExpress 1.2.5 Denial of Service via System Compare", "descriptions": [{"lang": "en", "value": "AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the System Compare feature. Attackers can paste a large buffer of characters into the Folder Path field and trigger the comparison function to cause the application to become unresponsive or crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "External Control of File Name or Path", "cweId": "CWE-73", "type": "CWE"}]}], "affected": [{"vendor": "Admin-Express", "product": "AdminExpress", "versions": [{"version": "1.2.5.485", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46711", "name": "ExploitDB-46711", "tags": ["exploit"]}, {"url": "https://admin-express.en.softonic.com/", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: AdminExpress 1.2.5 Denial of Service via System Compare", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/adminexpress-denial-of-service-via-system-compare"}], "credits": [{"lang": "en", "value": "M\u00fccahit \u0130smail Akta\u015f", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T14:01:10.967505Z", "id": "CVE-2019-25618", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T15:14:27.527Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25618", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T14:01:10.967505Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:01:12.228Z"}}], "cna": {"title": "AdminExpress 1.2.5 Denial of Service via System Compare", "credits": [{"lang": "en", "type": "finder", "value": "M\u00fccahit \u0130smail Akta\u015f"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Admin-Express", "product": "AdminExpress", "versions": [{"status": "affected", "version": "1.2.5.485"}]}], "datePublic": "2019-04-12T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46711", "name": "ExploitDB-46711", "tags": ["exploit"]}, {"url": "https://admin-express.en.softonic.com/", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/adminexpress-denial-of-service-via-system-compare", "name": "VulnCheck Advisory: AdminExpress 1.2.5 Denial of Service via System Compare", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the System Compare feature. Attackers can paste a large buffer of characters into the Folder Path field and trigger the comparison function to cause the application to become unresponsive or crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T13:38:49.725Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25618", "state": "PUBLISHED", "dateUpdated": "2026-03-24T15:14:27.527Z", "dateReserved": "2026-03-22T13:32:07.387Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-22T13:38:49.725Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the System Compare feature. Attackers can paste a large buffer of characters into the Folder Path field and trigger the comparison function to cause the application to become unresponsive or crash."}, {"lang": "es", "value": "AdminExpress 1.2.5 contiene una vulnerabilidad de denegaci\u00f3n de servicio que permite a atacantes locales bloquear la aplicaci\u00f3n al enviar una entrada de tama\u00f1o excesivo a trav\u00e9s de la funci\u00f3n System Compare. Los atacantes pueden pegar un b\u00fafer grande de caracteres en el campo Folder Path y activar la funci\u00f3n de comparaci\u00f3n para hacer que la aplicaci\u00f3n deje de responder o se bloquee."}], "id": "CVE-2019-25618", "lastModified": "2026-04-16T16:19:50.757", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-22T14:16:30.693", "references": [{"source": "disclosure@vulncheck.com", "url": "https://admin-express.en.softonic.com/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/46711"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/adminexpress-denial-of-service-via-system-compare"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-73"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.2.5.485"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "AdminExpress", "source": "cna", "vendor": "Admin-Express"}, "product": "adminexpress", "vendor": "admin-express"}], "analysis": {"en": {"generated_at": "2026-03-22T15:50:46.380900+00:00", "value": {"mitigation_remediation": ["Apply the latest vendor patch or upgrade to a newer release for AdminExpress immediately.", "If no patch is available, restrict the length of input in the Folder Path field via custom validation or configuration.", "Monitor application logs for signs of crashes or unresponsiveness to detect potential exploitation attempts."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "AdminExpress version 1.2.5 from the vendor Admin\u2011Express. No other versions or products are listed as impacted.", "description_and_impact": "The flaw allows a local attacker to submit an oversized string into the Folder Path field of the System Compare feature, causing the application to become unresponsive or crash and thereby disrupting availability. While the description does not explicitly state a buffer overflow, the absence of bounds checking on this input leads the analyst to infer that a buffer-related issue is at play.", "risk_and_exploitability": "The CVSS score of 6.9 signifies moderate severity. No EPSS data is available, and the flaw is not listed in the CISA KEV catalog, suggesting limited known exploitation. The description indicates that only local access is required, implying a local attack vector. The lack of bounds checking implies low exploitation complexity, although this conclusion is inferred from the input."}}}}, "created": "2026-03-23T09:46:03.588610+00:00", "updated": "2026-03-25T14:50:40.260769+00:00", "vendors": ["admin-express", "admin-express$PRODUCT$adminexpress"]}