Platform
oracle
Component
navicat-for-oracle
Fixed in
12.1.16
CVE-2019-25653 is a denial-of-service (DoS) vulnerability affecting Navicat for Oracle. Specifically, supplying an excessively long string in the password field during Oracle connection configuration can crash the application. Navicat for Oracle version 12.1.15 is known to be affected. No official patch is currently available.
The vulnerability is triggered when an attacker supplies an excessively long string (specifically, a buffer of 550 repeated characters) as the password parameter while configuring an Oracle connection in Navicat for Oracle. The application fails to handle this input safely, leading to a crash and a denial of service. While the vulnerability does not allow remote code execution, it can disrupt access to Oracle databases and affect the availability of business applications that depend on them. The impact is greater in environments where Navicat for Oracle is used to manage multiple Oracle databases.
CVE-2019-25653 was published on March 30, 2026. As of the current date, there are no publicly known active campaigns exploiting this vulnerability. No exploitation details or proof-of-concept (POC) code have been publicly released. The vulnerability's severity is rated as MEDIUM, indicating a moderate risk. It is not currently listed on KEV or EPSS.
Exploit status
EPSS
0.02% (3rd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2019-25653 is to upgrade to a patched version of Navicat for Oracle. However, a fixed version is not currently available. As a workaround, enforce strict input validation on the password field by limiting the maximum length of the input string. Consider using a Web Application Firewall (WAF) to filter malicious requests. Monitor system logs for application crashes and other suspicious activity. After applying mitigations, verify their effectiveness by supplying a long password string in a test environment and confirming that the application no longer crashes.
Update Navicat for Oracle to a version later than 12.1.15 to correct the denial-of-service vulnerability. Check the vendor's website for the latest available version.
Version 12.1.15 is the confirmed vulnerable version. Other older versions may also be susceptible.
No, this vulnerability requires local access to the system where Navicat is running.
Restricting local access to the machine where Navicat runs and monitoring system activity are temporary measures.
If you are using Navicat for Oracle version 12.1.15, your system is vulnerable.
Disconnect the system from the network, investigate system activity, and consider reinstalling Navicat from a trusted source.