PatchSiren cyber security CVE debrief
CVE-2019-25695 r-project CVE debrief
CVE-2019-25695 is a local buffer overflow vulnerability in R 3.4.4 that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. The vulnerability has a CVSS score of 8.6 and is classified as HIGH severity. The issue was published on April 12, 2026, and last modified on June 30, 2026. The CVE record and NVD detail provide more information about the vulnerability. Additionally, various sources such as exploit-db and Vulncheck provide further details and advisories.
- Vendor
- r-project
- Product
- R
- CVSS
- HIGH 8.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-12
- Original CVE updated
- 2026-06-30
- Advisory published
- 2026-04-12
- Advisory updated
- 2026-06-30
Who should care
Users of R 3.4.4, particularly those using the GUI Preferences language field, should be aware of this vulnerability and take necessary precautions. This vulnerability can be exploited by attackers to execute arbitrary code, potentially leading to system compromise. Therefore, users should prioritize patching and mitigation strategies.
Technical summary
The CVE-2019-25695 vulnerability is a local buffer overflow issue in R 3.4.4. An attacker can inject malicious input into the GUI Preferences language field to execute arbitrary code. The vulnerability has a CVSS score of 8.6, indicating high severity. The CVSS vector is CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. The weakness is classified as CWE-787.
Defensive priority
High priority should be given to patching and mitigating this vulnerability. Users should update to a patched version of R and implement additional security measures to prevent exploitation.
Recommended defensive actions
- Update to a patched version of R
- Implement additional security measures to prevent exploitation
- Monitor systems for suspicious activity
- Restrict access to the GUI Preferences language field
- Perform regular vulnerability assessments and penetration testing
Evidence notes
The CVE record and NVD detail provide official information about the vulnerability. Additional sources, such as exploit-db and Vulncheck, provide further details and advisories. The CVSS score and vector provide a quantitative measure of the vulnerability's severity.
Official resources
-
CVE-2019-25695 CVE record
CVE.org
-
CVE-2019-25695 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
- Source reference
- Source reference
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.