CVE-2019-25590

Name: CVE-2019-25590 — Vulnerability Record
Brand: Quanteta Data Lab
SKU: CVE-2019-25590

MEDIUM

CVSS v3.1: 6.2 · EPSS: 0.0001 (3.1 percentile)

No privilegesNo user interactionVendor advisory ref

Source data as of: 2026-04-17 06:05:21 UTC

At a glance

Severity: MEDIUM
CVSS: 6.2 v3.1 · NVD
EPSS: 0.0001 (3.1 percentile) · FIRST.org
CISA KEV: No
Attack conditions (CVSS vector): No privilegesNo user interaction · Source: NVD Vector
Published: 2026-03-22 · Modified: 2026-04-16
References: Jump to references (4)

CVSS / EPSS / KEV

CVSS v3.1 6.2 / 10 MEDIUM Source: NVD

CVSS v4.0 6.9 / 10 MEDIUM Source: NVD

EPSS 0.0001 3.1 percentile Source: FIRST.org

CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log file name parameter, and trigger a crash when establishing a telnet connection.

Record details

CVE ID: CVE-2019-25590
CVSS (v3.1): 6.2 (MEDIUM)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability subscore: 2.5
Impact subscore: 3.6
EPSS: 0.0001 (3.1 percentile) — 2026-04-17
CISA KEV: No
Weakness (CWE): CWE-1282
Affected configurations (CPE): 0
Published: 2026-03-22
Modified: 2026-04-16
Status: Deferred

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.

Reference http://www.labf.com
Reference http://www.labf.com/download/axessh.exe
Exploit / PoC https://www.exploit-db.com/exploits/46858
Vendor advisory https://www.vulncheck.com/advisories/axessh-denial-of-service-via-log-file-name

← Back to all records