CVE-2019-25711

MEDIUM 6.2

SpotFTP Password Recover 2.4.2 Denial of Service via Name Field

CVSS Score

6.2

EPSS Score

0.0%

EPSS Percentile

5th

SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized buffer in the Name field during registration. Attackers can generate a 256-byte payload, paste it into the Name input field, and trigger a crash when submitting the registration code.

CWE	CWE-807
Vendor	nsauditor
Product	spotftp password recover
Published	Apr 12, 2026
Last Updated	Apr 13, 2026

Stay Ahead of the Next One

Get instant alerts for nsauditor spotftp password recover

Be the first to know when new medium vulnerabilities affecting nsauditor spotftp password recover are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

NSauditor / SpotFTP Password Recover

2.4.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/46088 vulncheck.com: https://www.vulncheck.com/advisories/spotftp-password-recover-denial-of-service-via-name-field

Credits

Luis Martinez