Home / Vulnerability Intelligence / CVE-2019-25656

CVE-2019-25656 - Vulnerability Analysis

HighCVSS: 8.4

Last Updated: April 5, 2026

R - Buffer Overflow

Published: April 5, 2026Updated: April 5, 2026

Overview

R i386 3.5.0 contains a buffer overflow caused by improper input handling in the GUI Preferences dialog's 'Language for menus and messages' field, letting local attackers overwrite SEH records and execute arbitrary code, exploit requires local access.

Severity & Score

Severity: High

CVSS Score: 8.4

Impact

Local attackers can execute arbitrary code with the privileges of the application, potentially leading to full system compromise.

Mitigation

Update to the latest version of R.

References

https://www.exploit-db.com/exploits/46288
https://www.r-project.org/
https://www.vulncheck.com/advisories/r-i386-local-buffer-overflow-seh
https://cran.r-project.org/bin/windows/base/old/3.5.0/R-3.5.0-win.exe

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2019-25656
Severity: High
CVSS Score: 8.4
Type: buffer_overflow
Status: new

CWE

CWE-787

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H