VYPR
High severity8.4NVD Advisory· Published Apr 5, 2026· Updated Apr 9, 2026

CVE-2019-25681

CVE-2019-25681

Description

Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted buffer string. Attackers can inject a 428-byte payload through the program execution field in virtual server configuration to trigger a buffer overflow that corrupts the SEH chain and enables potential code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:xlightftpd:xlight_ftp_server:3.9.1:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:xlightftpd:xlight_ftp_server:3.9.1:*:*:*:*:*:*:*
    • (no CPE)range: =3.9.1

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.