High severity8.4NVD Advisory· Published Mar 24, 2026· Updated Apr 15, 2026

CVE-2019-25627

Description

FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overflow. Attackers can craft a malicious text file with carefully aligned shellcode and SEH chain pointers, paste the contents into the Stream Name dialog, and execute arbitrary commands like calc.exe when the exception handler is triggered.

Affected products

Flexhex/Flexhex
cpe:2.3:a:flexhex:flexhex:2.71:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/46665nvdExploitVDB Entry
www.vulncheck.com/advisories/flexhex-local-buffer-overflow-via-seh-unicodenvdThird Party Advisory
www.flexhex.comnvdBroken LinkProduct
www.flexhex.com/download/flexhex_setup.exenvdBroken LinkProduct

News mentions

No linked articles in our index yet.

cvss	0.546
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000