CVE-2019-25613

HIGH 7.5

Easy Chat Server 3.1 Denial of Service via message Parameter

CVSS Score

7.5

EPSS Score

0.1%

EPSS Percentile

29th

Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an excessively large message parameter value to cause the service to crash.

CWE	CWE-940
Vendor	echatserver
Product	easy chat
Published	Mar 22, 2026
Last Updated	Mar 23, 2026

Stay Ahead of the Next One

Get instant alerts for echatserver easy chat

Be the first to know when new high vulnerabilities affecting echatserver easy chat are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected Versions

Echatserver / Easy Chat

3.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/46806 echatserver.com: http://www.echatserver.com echatserver.com: http://www.echatserver.com/ecssetup.exe vulncheck.com: https://www.vulncheck.com/advisories/easy-chat-server-denial-of-service-via-message-parameter

Credits

Miguel Mendez Z