PatchSiren cyber security CVE debrief
CVE-2019-25741 Mobatek CVE debrief
CVE-2019-25741 is a structured exception handling (SEH) based buffer overflow vulnerability in Mobatek MobaXterm 12.1. The vulnerability is triggered when a malicious MobaXterm sessions file with overflow data is imported and executed, enabling reverse shell execution with user privileges. The vulnerability has a CVSS score of 9.3 and is classified as CRITICAL.
- Vendor
- Mobatek
- Product
- Mobatek MobaXterm
- CVSS
- CRITICAL 9.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-04
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-04
Who should care
Users of Mobatek MobaXterm 12.1, administrators, and security teams should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by a buffer overflow in the username field of session files. An attacker can craft a malicious MobaXterm sessions file with overflow data that triggers the vulnerability when imported and executed.
Defensive priority
High
Recommended defensive actions
- Update to a patched version of Mobatek MobaXterm, if available.
- Use caution when importing and executing MobaXterm sessions files from untrusted sources.
- Implement additional security measures, such as monitoring and restricting access to sensitive areas of the system.
Evidence notes
The vulnerability is reported to exist in Mobatek MobaXterm 12.1. The vendor is identified as Mobatek, based on the evidence from reference_domain_candidate.
Official resources
CVE-2019-25741 was published on 2026-06-04T14:16:32.787Z and modified on 2026-06-04T15:00:40.757Z.