Local Buffer Overflow in HTML5 Video Player from HTML5VideoPlayer.net
CVE-2019-25689

8.6HIGH

Key Information:

Vendor

Html5videoplayer

Status
Html5 Video Player
Vendor
CVE Published:
12 April 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2019-25689?

HTML5 Video Player version 1.2.5 is susceptible to a local buffer overflow vulnerability that enables attackers to execute arbitrary code. By providing an excessively long key code string, exceeding 997 bytes, an attacker can input a crafted payload in the KEY CODE field within the Help Register dialog. This malicious input can lead to code execution, compromising the security of the application and potentially allowing the attacker to run unauthorized processes, such as spawning a calculator.

Affected Version(s)

HTML5 Video Player 1.2.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2019-25689 - Proof of Concept

References

https://www.exploit-db.com/exploits/46279
exploit
http://www.html5videoplayer.net/download.html
product
https://www.vulncheck.com/advisories/html5-video-player-l...
third-party-advisory

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dino Covotsos - Telspace Systems
.