Platform: php
Component: asprunner-professional
Fixed in: 6.0.767
CVE-2019-25659 describes a local buffer overflow vulnerability affecting ASPRunner Professional version 6.0.766. An attacker can trigger a denial-of-service condition by providing an excessively long project name during project creation. The vulnerability was published on 2026-04-05. A fix is available via upgrade to a patched version.
This vulnerability allows an attacker to cause a denial-of-service (DoS) condition on a system running ASPRunner Professional. Submitting a project name exceeding 180 characters during project creation crashes the application. While the vulnerability is local, it can disrupt development workflows and potentially impact the availability of the ASPRunner Professional environment. Successful exploitation requires direct interaction with the project creation interface, but the impact can be significant if the application is critical to operations.
There is no current indication of active exploitation of CVE-2019-25659. Public proof-of-concept (PoC) code is not widely available. The vulnerability is not listed on the CISA KEV catalog. Given the local nature of the vulnerability and the requirement for direct interaction, the probability of exploitation is considered low.
Exploit Status
EPSS: 0.01% (3% percentile)
The primary mitigation for CVE-2019-25659 is to upgrade ASPRunner Professional to a version that includes a fix for this buffer overflow. If an immediate upgrade is not feasible, consider enforcing a maximum length on the project name field so that excessively long strings are rejected before submission. A WAF is unlikely to be effective here, but monitoring application logs for crash events related to project creation can provide early warning of exploitation attempts. After upgrading, confirm the fix by attempting to create a project with a name exceeding 180 characters; the application should not crash.
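The length check described above, written as a C setter that rejects an oversized project name before anything is copied into a fixed-size buffer. This is an added example, not Xlinesoft's code and not part of the original advisory; the `project` struct, the function names and the use of 180 as the cap are assumptions based on the threshold the advisory gives.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: 180 comes from the advisory's "exceeding 180 characters";
   the product's real internal buffer size is not published. */
#define PROJECT_NAME_MAX 180

enum name_status { NAME_OK = 0, NAME_NULL, NAME_EMPTY, NAME_TOO_LONG };

struct project {                      /* hypothetical project record */
    char name[PROJECT_NAME_MAX + 1];  /* +1 for the terminating NUL */
};

/* Length of s, reading at most limit+1 bytes so the check itself stays
   bounded on huge input. Returns limit+1 when s is longer than limit. */
static size_t bounded_len(const char *s, size_t limit)
{
    size_t n = 0;
    while (n <= limit && s[n] != '\0')
        n++;
    return n;
}

/* Unsafe form for contrast: strcpy(p->name, name) writes past name[] as
   soon as the input is longer than the buffer. The hardened setter below
   rejects instead of truncating, so the oversized name is reported to the
   caller and p->name is left untouched. */
enum name_status set_project_name(struct project *p, const char *name)
{
    if (p == NULL || name == NULL)
        return NAME_NULL;
    size_t len = bounded_len(name, PROJECT_NAME_MAX);
    if (len == 0)
        return NAME_EMPTY;
    if (len > PROJECT_NAME_MAX)
        return NAME_TOO_LONG;
    memcpy(p->name, name, len);
    p->name[len] = '\0';
    return NAME_OK;
}

int main(void)
{
    struct project p = { "" };
    char long_name[PROJECT_NAME_MAX + 2];          /* constructed input */
    memset(long_name, 'A', PROJECT_NAME_MAX + 1);  /* 181 characters */
    long_name[PROJECT_NAME_MAX + 1] = '\0';
    printf("short: %d, 181 chars: %d\n", set_project_name(&p, "inventory"),
           set_project_name(&p, long_name));
    return 0;
}
```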
Update to a patched version of ASPRunner Professional. Consult the vendor documentation (Xlinesoft) for information on available versions and upgrade steps. Avoid using version 6.0.766 until the fix is applied.
CVE-2019-25659 is a denial-of-service vulnerability in ASPRunner Professional 6.0.766 where a long project name can crash the application.
You are affected if you are using ASPRunner Professional version 6.0.766 and have not upgraded to a patched version.
Upgrade ASPRunner Professional to a version that includes a fix for this vulnerability. Input validation on the project name field is a temporary workaround.
There is currently no evidence of active exploitation of CVE-2019-25659.
Consult the ASPRunner Professional vendor website for the latest security advisories and patch information.