VYPR
← All advisories
High severity8.4NVD Advisory· Published Jun 4, 2026· Updated Jun 4, 2026

CVE-2019-25736

CVE-2019-25736

Description

LabF nfsAxe 3.7 Ping Client has a buffer overflow allowing local attackers to execute arbitrary code via a malicious payload in the Host IP field.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

LabF nfsAxe 3.7 Ping Client has a buffer overflow allowing local attackers to execute arbitrary code via a malicious payload in the Host IP field.

Vulnerability

LabF nfsAxe version 3.7 Ping Client contains a buffer overflow vulnerability. This vulnerability is triggered when a local attacker supplies a malicious payload in the Host IP field. The affected product is LabF nfsAxe up to and including version 3.7 [1].

Exploitation

An attacker can exploit this vulnerability by crafting a specially formatted input file containing shellcode. This input is provided in the Host IP field. The attacker then overwrites the return address on the stack to gain control of the instruction pointer, allowing for arbitrary code execution [1].

Impact

Successful exploitation of this vulnerability allows a local attacker to execute arbitrary code with the privileges of the vulnerable application. The attacker can achieve this by overwriting the return address to point to their shellcode, enabling the execution of commands such as calc.exe or other arbitrary commands [1].

Mitigation

LabF nfsAxe version 3.7 is affected by this vulnerability. No specific patched version or release date for a fix has been disclosed in the available references. There are no known workarounds or end-of-life status details provided at this time [1].

References
  1. LabF nfsAxe 3.7 Ping Client Buffer Overflow

AI Insight generated on Jun 4, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

3

News mentions

0

No linked articles in our index yet.