What is the CVSS score of CVE-2019-25365?

CVE-2019-25365 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Which versions of Windows are affected by CVE-2019-25365?

CVE-2019-25365 is a critical buffer overflow vulnerability in ChaosPro 2.0 that enables remote code execution through malicious configuration files.

Is there a public PoC exploit available for CVE-2019-25365?

Yes, a public proof-of-concept exploit is available for CVE-2019-25365. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2019-25365?

Within 24 hours: Identify all systems running ChaosPro 2.0 and isolate them from production networks if possible; disable the application if not business-critical. Within 7 days: Implement network segmentation to restrict access to ChaosPro instances and implement file integrity monitoring on configuration directories. Within 30 days: Evaluate migration to alternative solutions or obtain vendor security updates; if ChaosPro remains in use, establish continuous monitoring for exploitation attempts.

Windows CVE-2019-25365

CRITICAL

Stack-based Buffer Overflow (CWE-121)

2026-02-18 disclosure@vulncheck.com

Windows RCE Buffer Overflow

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 19, 2026 - 15:53 vuln.today

Public exploit code

CVE Published

Feb 18, 2026 - 22:16 nvd

CRITICAL 9.8

DescriptionNVD

ChaosPro 2.0 contains a buffer overflow vulnerability in the configuration file path handling that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can craft a malicious configuration file with carefully constructed payload to overwrite memory and gain remote code execution on vulnerable Windows XP systems.

AnalysisAI

Buffer overflow in ChaosPro 2.0 fractal generator via configuration file path handling allows code execution through crafted configuration files. PoC available.

Technical ContextAI

CWE-121 stack overflow in file path processing. Oversized path in configuration triggers overflow.

Affected ProductsAI

ChaosPro 2.0

RemediationAI

Update ChaosPro. Validate path lengths in configuration parsing.

CVE-2019-25365 vulnerability details – vuln.today

Back

Windows CVE-2019-25365

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code