Description
Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. Attackers can paste a 6000-byte buffer of arbitrary data into the 'Serial Number and Registration Key' field to trigger a denial of service condition.
Published: 2026-03-11
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

Folder Lock 7.7.9 contains a buffer overflow in the serial number registration field that allows a local attacker to crash the application by submitting an oversized payload. The overflow occurs when a user enters a 6000‑byte buffer into the 'Serial Number and Registration Key' field, triggering a denial of service. This is a classic memory corruption vulnerability (CWE‑787) that results in application termination but does not grant code execution or compromise system integrity.

Affected Systems

The affected vendor is Newsoftwares, product Folder Lock 7.7.9. The CVE specifies this exact version as vulnerable; no additional versions are listed in the provided data.

Risk and Exploitability

The CVSS score of 6.9 indicates medium severity, while the EPSS score of less than 1% indicates a very low probability of exploitation under current conditions. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires local access: the attacker must be able to run the application or input data into it, making it a local denial-of-service condition. Because it affects only the application and not the underlying operating system or other services, the overall risk to the broader system is limited, but it can disrupt user workflows and potentially lead to data loss if unsaved changes are discarded.

Generated by OpenCVE AI on March 17, 2026 at 14:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s latest patch or upgrade Folder Lock to a version that includes the buffer overflow fix.

Advisories

No advisories yet.

History

Thu, 12 Mar 2026 10:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Newsoftwares; Newsoftwares folder Lock |
| Vendors & Products | | Newsoftwares; Newsoftwares folder Lock |

Wed, 11 Mar 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 11 Mar 2026 18:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. Attackers can paste a 6000-byte buffer of arbitrary data into the 'Serial Number and Registration Key' field to trigger a denial of service condition. |
| Title | | Folder Lock 7.7.9 Denial of Service via Serial Number Field |
| Weaknesses | | CWE-787 |
| References | | |
| Metrics | | cvssV3_1 {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-11T19:31:02.931Z

Reserved: 2026-02-22T14:41:09.904Z

Link: CVE-2019-25469

Vulnrichment

Updated: 2026-03-11T19:23:00.762Z

NVD

Status: Awaiting Analysis

Published: 2026-03-11T19:16:00.423

Modified: 2026-03-12T21:08:22.643

Link: CVE-2019-25469

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:29:49Z

Weaknesses