CVE-2019-25741
9.8 CRITICAL
Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of sessio...
Published: 2026-06-04 · Last updated: 2026-06-04
Severity and scoring
- CVSS: 9.8 CRITICAL
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE: CWE-120
Description
Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data that triggers the vulnerability when imported and executed, enabling reverse shell execution with user privileges.
Source: NVD
Related CVEs
Same CWE
- CVE-2026-30141 — An issue was discovered in bitbank2 AnimatedGIF v2.2.0 (9.8 CRITICAL)
- CVE-2026-11517 — A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107 (8.8 HIGH)
- CVE-2026-11516 — A vulnerability was found in UTT HiPER 2610G up to 3.0.0-171107 (5.5 MEDIUM)
- CVE-2019-25736 — LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a... (8.4 HIGH)
- CVE-2019-25735 — AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception hand... (8.4 HIGH)