CVE-2019-25666

SpotAuditor 3.6.7 Denial of Service Buffer Overflow

CVSS 6.9 MEDIUMEPSS 0.2%CWE-787

Vexday Risk Score

33Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 6.9EPSS 0.2%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

05 Apr 2026Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

SpotAuditor 3.6.7 contains a local buffer overflow vulnerability in the Base64 Password Decoder component that allows attackers to crash the application. Attackers can supply an oversized Base64 string through the decoder interface to trigger a denial of service condition.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected products

Nsauditor · SpotAuditor

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/46313unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.exploit-db.com/exploits/46313 https://www.vulncheck.com/advisories/spotauditor-denial-of-service-buffer-overflow http://www.nsauditor.com/order.html