PatchSiren

CVE-2019-25695 r-project CVE debrief

CVE-2019-25695 is a local buffer overflow vulnerability in R 3.4.4 that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. It has a CVSS score of 8.6 and is classified as HIGH severity. The CVE was published on April 12, 2026, and last modified on June 30, 2026. The CVE record and the NVD detail page provide more information, and sources such as Exploit-DB and VulnCheck provide further details and advisories.

Vendor: r-project
Product: R
CVSS: HIGH 8.6
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-12
Original CVE updated: 2026-06-30
Advisory published: 2026-04-12
Advisory updated: 2026-06-30

Who should care

Users of R 3.4.4, particularly those using the GUI Preferences language field, should be aware of this vulnerability and take necessary precautions. This vulnerability can be exploited by attackers to execute arbitrary code, potentially leading to system compromise. Therefore, users should prioritize patching and mitigation strategies.

Technical summary

The CVE-2019-25695 vulnerability is a local buffer overflow issue in R 3.4.4. An attacker can inject malicious input into the GUI Preferences language field to execute arbitrary code. The vulnerability has a CVSS score of 8.6, indicating high severity. The CVSS vector is CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. The weakness is classified as CWE-787.
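
For triage, the vector quoted above can be split into its metric groups to see which parts were actually scored. The following is an added example, not code from PatchSiren or the R project; the group membership follows the CVSS v4.0 specification, and the function names are hypothetical.

```python
# Added example (not PatchSiren's code): split the CVSS 4.0 vector quoted
# above into metric groups and report which optional groups were scored.
VECTOR = (
    "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/"
    "CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/"
    "MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
)

# Metric groups as defined by the CVSS v4.0 specification.
BASE = ("AV", "AC", "AT", "PR", "UI", "VC", "VI", "VA", "SC", "SI", "SA")
GROUPS = {
    "threat": ("E",),
    "environmental": ("CR", "IR", "AR") + tuple("M" + m for m in BASE),
    "supplemental": ("S", "AU", "R", "V", "RE", "U"),
}

def parse_vector(vector):
    """Return {metric: value}; reject malformed, duplicate or unknown metrics."""
    prefix, *pairs = vector.strip().split("/")
    if prefix != "CVSS:4.0":
        raise ValueError(f"unsupported prefix: {prefix!r}")
    known = set(BASE).union(*GROUPS.values())
    metrics = {}
    for pair in pairs:
        key, sep, value = pair.partition(":")
        if not sep or not value or key not in known or key in metrics:
            raise ValueError(f"bad metric: {pair!r}")
        metrics[key] = value
    missing = [m for m in BASE if m not in metrics]
    if missing or any(metrics[m] == "X" for m in BASE):
        raise ValueError(f"base metrics must all be defined: {missing}")
    return metrics

def scored_groups(metrics):
    """Map each optional group to True if any of its metrics is not X."""
    return {
        name: any(metrics.get(m, "X") != "X" for m in members)
        for name, members in GROUPS.items()
    }

def base_vector(metrics):
    """Rebuild the short vector containing only the mandatory base metrics."""
    return "CVSS:4.0/" + "/".join(f"{m}:{metrics[m]}" for m in BASE)

if __name__ == "__main__":
    parsed = parse_vector(VECTOR)
    print(base_vector(parsed))
    print(scored_groups(parsed))
```

Every optional group comes back unscored for this vector, so the 8.6 reflects base metrics only; environmental metrics for the hosts that actually run R 3.4.4 have to be supplied locally.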

Defensive priority

High priority should be given to patching and mitigating this vulnerability. Users should update to a patched version of R and implement additional security measures to prevent exploitation.

Recommended defensive actions

  • Update to a patched version of R
  • Implement additional security measures to prevent exploitation
  • Monitor systems for suspicious activity
  • Restrict access to the GUI Preferences language field
  • Perform regular vulnerability assessments and penetration testing

Evidence notes

The CVE record and the NVD detail page provide official information about the vulnerability. Additional sources, such as Exploit-DB and VulnCheck, provide further details and advisories. The CVSS score and vector provide a quantitative measure of the vulnerability's severity.

Official resources

This article is AI-assisted and based on the supplied source corpus.