top of page
perceptive_background_267k.jpg

Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attackers to crash the application and overwrite…

Published:

4 april 2026 om 22:00:00

Alert date:

5 april 2026 om 22:09:04

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure

CVE-2019-25681 affects Xlight FTP Server version 3.9.1, containing a structured exception handler (SEH) overwrite vulnerability. Local attackers can exploit this by supplying a crafted buffer string through the program execution field in virtual server configuration. The vulnerability allows injection of a 428-byte payload that triggers a buffer overflow, corrupting the SEH chain. This can lead to application crashes and potential code execution. The vulnerability enables attackers to overwrite SEH pointers and gain control of program execution flow.

Technical details

Mitigation steps:

Affected products:

Xlight FTP Server

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2019-25681
https://www.exploit-db.com/exploits/46458
https://www.vulncheck.com/advisories/xlight-ftp-server-seh-overwrite-buffer-overflow
https://www.xlightftpd.com/download/xlight.zip
https://www.xlightftpd.com/index.htm

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page