How severe is CVE-2019-25475?

Medium severity. CVSS v3 base score is 6.2 out of 10.

Buffer overflow in Top-password Sql Server Password Changer Denial Of Service Exploit

CVE-2019-25475

SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration C…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (5.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.2 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Top-password Sql Server Password Changer Denial Of Service Exploit — versions 1.90

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

ExploitDB-47318 (exploit)
VulnCheck Advisory: SQL Server Password Changer 1.90 Denial of Service Buffer Overflow (third-party-advisory)

Frequently asked questions

What is CVE-2019-25475?: CVE-2019-25475 is a medium-severity vulnerability in Top-password Sql Server Password Changer Denial Of Service Exploit, classified under Out-of-bounds Write. CVSS score: 6.2/10. Published 2026-03-11.
How severe is CVE-2019-25475?: Medium severity. CVSS v3 base score is 6.2 out of 10.