Vulnerability Details: CVE-2019-25613

Summary
Assigner: VulnCheck
Assigner Org ID: 83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At: 22 Mar, 2026 | 13:38
Updated At: 23 Mar, 2026 | 16:15

Easy Chat Server 3.1 Denial of Service via message Parameter

Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an excessively large message parameter value to cause the service to crash.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)
Affected Products
Vendor: Echatserver
Product: Easy Chat
Affected versions: 3.1
Problem Types
Type: CWE
CWE ID: CWE-940
Description: Improper Verification of Source of a Communication Channel
Metrics
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Credits
finder: Miguel Mendez Z
References
Hyperlink: https://www.exploit-db.com/exploits/46806
Resource: exploit
Hyperlink: http://www.echatserver.com
Resource: product
Hyperlink: http://www.echatserver.com/ecssetup.exe
Resource: product
Hyperlink: https://www.vulncheck.com/advisories/easy-chat-server-denial-of-service-via-message-parameter
Resource: third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source: disclosure@vulncheck.com
Published At: 22 Mar, 2026 | 14:16
Updated At: 02 Apr, 2026 | 20:52

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
cpe:2.3:a:echatserver:easy_chat_server:3.1:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-940
Type: Primary
Source: disclosure@vulncheck.com
References
Hyperlink: http://www.echatserver.com
Source: disclosure@vulncheck.com
Resource: Broken Link
Hyperlink: http://www.echatserver.com/ecssetup.exe
Source: disclosure@vulncheck.com
Resource: Broken Link
Hyperlink: https://www.exploit-db.com/exploits/46806
Source: disclosure@vulncheck.com
Resource: Exploit, Third Party Advisory, VDB Entry
Hyperlink: https://www.vulncheck.com/advisories/easy-chat-server-denial-of-service-via-message-parameter
Source: disclosure@vulncheck.com
Resource: Third Party Advisory


Similar CVEs

4 Records found

CVE-2019-20502
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5 (HIGH)
EPSS-0.49% / 65.61%
7 Day CHG~0.00%
Published-05 Mar, 2020 | 19:14
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in EFS Easy Chat Server 3.1. There is a buffer overflow via a long body2.ghp message parameter.

Action-Not Available
Vendor-echatserver, n/a
Product-easy_chat_server, n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-51440
Matching Score-4
Assigner-Siemens
CVSS Score-7.5 (HIGH)
EPSS-0.37% / 58.88%
7 Day CHG~0.00%
Published-13 Feb, 2024 | 09:00
Updated-16 Dec, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). Affected products incorrectly validate TCP sequence numbers. This could allow an unauthenticated remote attacker to create a denial of service condition by injecting spoofed TCP RST packets.

Action-Not Available
Vendor-Siemens AG
Product-siplus_net_cp_343-1_lean_firmware, simatic_cp_343-1_lean, simatic_cp_343-1, simatic_cp_343-1_lean_firmware, siplus_net_cp_343-1_lean, siplus_net_cp_343-1_firmware, simatic_cp_343-1_firmware, siplus_net_cp_343-1, SIPLUS NET CP 343-1, SIMATIC CP 343-1, SIPLUS NET CP 343-1 Lean, SIMATIC CP 343-1 Lean
CWE ID-CWE-940
Improper Verification of Source of a Communication Channel
CVE-2025-13086
Matching Score-4
Assigner-OpenVPN Inc.
CVSS Score-4.6 (MEDIUM)
EPSS-0.04% / 13.36%
7 Day CHG-0.00%
Published-03 Dec, 2025 | 19:54
Updated-30 Jan, 2026 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client

Action-Not Available
Vendor-openvpn, OpenVPN
Product-openvpn, OpenVPN
CWE ID-CWE-940
Improper Verification of Source of a Communication Channel
CVE-2025-40820
Matching Score-4
Assigner-Siemens
CVSS Score-8.7 (HIGH)
EPSS-0.09% / 24.92%
7 Day CHG-0.04%
Published-09 Dec, 2025 | 10:44
Updated-09 Dec, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only if an attacker can inject IP packets with spoofed addresses at precisely timed moments, and it affects only TCP-based services.

Action-Not Available
Vendor-Siemens AG
CWE ID-CWE-940
Improper Verification of Source of a Communication Channel