Which versions of Base64 Decoder are affected by CVE-2019-25634?

4mhz Base64 Decoder 1.1.2 contains a local code execution vulnerability (CVE-2019-25634) with publicly available exploit code; however, organizational risk is minimal due to the application's niche…

Is there a public PoC exploit available for CVE-2019-25634?

Yes, a public proof-of-concept exploit is available for CVE-2019-25634. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2019-25634?

Within 24 hours: Identify whether 4mhz Base64 Decoder 1.1.2 is deployed in production or development environments. Within 7 days: If present, implement file-input restrictions, enforce least-privilege execution, and evaluate replacement with an actively maintained base64 decoding tool. Within 30 days: Complete software transition or document formal risk acceptance with business owner sign-off.

Base64 Decoder CVE-2019-25634

Q: What is the CVSS score of CVE-2019-25634?

CVE-2019-25634 has a CVSS 4.0 base score of 8.6 (High). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2019-20008 HIGH

Out-of-bounds Write (CWE-787)

2026-03-24 VulnCheck

GHSA-cpr2-5chx-jmj3

Buffer Overflow Memory Corruption RCE Base64 Decoder

8.6

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

8.6 HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

Jun 03, 2026 - 18:58 vuln.today

v3 (cvss_changed)

Analysis Updated

Jun 03, 2026 - 18:57 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Jun 03, 2026 - 18:52 vuln.today

cvss_changed

CVSS changed

Jun 03, 2026 - 18:52 NVD

8.4 (HIGH) 8.6 (HIGH)

PoC Detected

Mar 24, 2026 - 15:53 vuln.today

Public exploit code

EUVD ID Assigned

Mar 24, 2026 - 11:45 euvd

EUVD-2019-20008

Analysis Generated

Mar 24, 2026 - 11:45 vuln.today

CVE Published

Mar 24, 2026 - 11:27 nvd

HIGH 8.4

DescriptionCVE.org

Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH chain with a POP-POP-RET gadget address, and uses an egghunter payload to locate and execute shellcode for code execution.

AnalysisAI

Local arbitrary code execution in 4mhz Base64 Decoder 1.1.2 occurs when the application processes a maliciously crafted input file, causing a stack-based buffer overflow that overwrites the Structured Exception Handler (SEH) chain. Publicly available exploit code exists (Exploit-DB 46625) demonstrating an SEH overwrite chained with a POP-POP-RET gadget and an egghunter payload to reach attacker-supplied shellcode. Despite CVSS 8.6 and a working PoC, EPSS is only 0.01% (2nd percentile), reflecting the niche Windows utility and local-only attack vector.

Technical ContextAI

The affected software is 4mhz Base64 Decoder (CPE cpe:2.3:a:4mhz:base64_decoder:1.1.2), a small Windows utility distributed from 4mhz.de that decodes Base64-encoded files. The root cause is CWE-787 (Out-of-bounds Write), specifically a classic stack-based buffer overflow during parsing of input file contents. Because the Windows binary lacks adequate SEH protections (e.g., SafeSEH / SEHOP enforcement on the loaded modules used in the chain), an attacker can overwrite the SEH record on the stack with the address of a POP-POP-RET gadget, redirect execution to a short stub, and use an egghunter to locate a larger shellcode payload elsewhere in process memory - a well-documented Windows userland exploitation technique.

RemediationAI

No vendor-released patch identified at time of analysis - 4mhz Base64 Decoder 1.1.2 appears to be the latest version with no successor published on the vendor site. Recommended action is to uninstall or replace the utility with a maintained Base64 tool (e.g., PowerShell's [Convert]::FromBase64String, certutil -decode, or OpenSSL) given the trivial functionality and absence of upstream maintenance. If the tool must remain in use, only process Base64 files from trusted sources, run the application under a low-privilege account, and enable system-wide exploit mitigations via Windows Defender Exploit Guard (force ASLR, DEP, and SEHOP) on b64dec.exe, accepting that SEHOP may not fully neutralize the chain if a non-SafeSEH module is loaded. Monitor the vendor page http://4mhz.de/b64dec.html and the VulnCheck advisory at https://www.vulncheck.com/advisories/base64-decoder-local-buffer-overflow-seh-egghunter for any future fix.

CVE-2019-25634 vulnerability details – vuln.today

Back