CVE-2019-25741

CRITICAL 9.8

Mobatek MobaXterm 12.1 Buffer Overflow via Sessions File

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data that triggers the vulnerability when imported and executed, enabling reverse shell execution with user privileges.

CWE	CWE-120
Vendor	mobatek
Product	mobatek mobaxterm
Published	Jun 4, 2026
Last Updated	Jun 4, 2026

Stay Ahead of the Next One

Get instant alerts for mobatek mobatek mobaxterm

Be the first to know when new critical vulnerabilities affecting mobatek mobatek mobaxterm are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Mobatek / Mobatek MobaXterm

12.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/47429 download.mobatek.net: https://download.mobatek.net/1112019010310554/MobaXterm_Portable_v11.1.zip vulncheck.com: https://www.vulncheck.com/advisories/mobatek-mobaxterm-buffer-overflow-via-sessions-file

Credits

Xavi Beltran