Is there a public PoC exploit available for CVE-2019-25467?

Yes, a public proof-of-concept exploit is available for CVE-2019-25467. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2019-25467?

Within 24 hours: Inventory all systems running Verypdf docPrint Pro 8.0 and restrict access to authorized users only; disable remote access if possible. Within 7 days: Implement network segmentation to isolate affected systems and disable password-protected document features if operationally feasible; consider migrating to alternative PDF processing solutions. Within 30 days: Evaluate vendor roadmap for patch availability; if no patch is released, plan migration to a patched alternative solution or retire the software.

CVE-2019-25467

Q: What is the CVSS score of CVE-2019-25467?

CVE-2019-25467 has a CVSS 4.0 base score of 8.6 (High). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

HIGH

Out-of-bounds Write (CWE-787)

2026-03-11 disclosure@vulncheck.com

Buffer Overflow Memory Corruption RCE

8.6

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

8.6 HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 15, 2026 - 15:22 NVD

8.4 (HIGH) 8.6 (HIGH)

Analysis Generated

Mar 12, 2026 - 22:07 vuln.today

PoC Detected

Mar 12, 2026 - 21:08 vuln.today

Public exploit code

CVE Published

Mar 11, 2026 - 19:16 nvd

HIGH 8.4

DescriptionCVE.org

Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with encoded shellcode and SEH chain manipulation to bypass protections and execute a MessageBox proof-of-concept when the password fields are processed during PDF encryption.

AnalysisAI

Technical ContextAI

Classified as CWE-787 (Out-of-bounds Write). Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with encoded shellcode and SEH chain manipulation to bypass protections and execute a MessageBox proof-of-concept when the password fields are processed during PDF encryption.

Affected ProductsAI

Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code

RemediationAI

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.

CVE-2019-25467 vulnerability details – vuln.today

Back