PatchSiren cyber security CVE debrief
CVE-2019-25736 Labf CVE debrief
CVE-2019-25736 is a HIGH severity vulnerability in LabF nfsAxe 3.7 Ping Client. The vulnerability allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP field. Attackers can craft a specially formatted input file with shellcode and overwrite the return address to execute calc.exe or other arbitrary commands. The vulnerability has a CVSS score of 8.6.
- Vendor
- Labf
- Product
- LabF nfsAxe
- CVSS
- HIGH 8.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-04
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-04
Who should care
Users of LabF nfsAxe 3.7 Ping Client should apply patches or mitigations to prevent local attackers from executing arbitrary code.
Technical summary
The vulnerability is caused by a buffer overflow in the Ping Client of LabF nfsAxe 3.7. The buffer overflow allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP field.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the buffer overflow vulnerability.
- Use secure coding practices to prevent similar vulnerabilities in the future.
- Limit access to the Ping Client to only trusted users and networks.
Evidence notes
The CVE record was obtained from the official CVE website [cve-org]. The vulnerability details were obtained from the NVD database [nvd]. Additional information was obtained from [ref-4], [ref-5], and [ref-6].
Official resources
CVE-2019-25736 was published on 2026-06-04T14:16:31.817Z and modified on 2026-06-04T15:00:40.757Z.