How to fix CVE-2019-25330?

Within 24 hours: Inventory all SurfOffline Professional 2.2.0.103 deployments and restrict access to trusted users only. Within 7 days: Disable the project file upload/import feature if business operations permit, or implement input validation at the application level. Within 30 days: Evaluate migration to alternative solutions, contact vendor for patch timeline, or implement application whitelisting and file integrity monitoring to detect suspicious project file activity.

CVE-2019-25330

HIGH

2026-02-12 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

PoC Detected

Feb 13, 2026 - 14:23 vuln.today

Public exploit code

CVE Published

Feb 12, 2026 - 23:16 nvd

HIGH 7.5

Description

SurfOffline Professional 2.2.0.103 contains a structured exception handler (SEH) overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers can generate a malicious payload of 382 'A' characters followed by specific byte sequences to trigger a denial of service condition and overwrite SEH registers.

Analysis

Technical Context

Classified as CWE-121 (Stack-based Buffer Overflow). SurfOffline Professional 2.2.0.103 contains a structured exception handler (SEH) overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers can generate a malicious payload of 382 'A' characters followed by specific byte sequences to trigger a denial of service condition and overwrite SEH registers.

Affected Products

SurfOffline Professional 2.2.0.103 contains a structured exception handler (SEH) overflow vulnerability that allows attackers to crash the application

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +38

POC: +20

CVE-2019-25330 vulnerability details – vuln.today

Back

CVE-2019-25330

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2019-25330

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code