Description
Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data that triggers the vulnerability when imported and executed, enabling reverse shell execution with user privileges.
Published: 2026-06-04
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Mobatek MobaXterm version 12.1 contains a structured exception handling (SEH) based buffer overflow in the username field of session files, a classic CWE‑120 flaw. Importing a crafted session file triggers the overflow, allowing the attacker to execute arbitrary code under the current user’s privileges. The attacker can then establish a reverse shell to gain further control of the affected system.

Affected Systems

The impacted product is Mobatek MobaXterm version 12.1. No other versions or sub‑products are listed as affected in the advisory.

Risk and Exploitability

This vulnerability has a CVSS score of 9.3, indicating a severe risk. EPSS information is unavailable, and the CVE is not listed in the CISA KEV catalog. A remote attacker can deliver a malicious session file to an unsuspecting user; when the user imports or executes the file, the overflow is triggered, leading to remote code execution. The lack of a documented exploit reduces immediate threat, but the high severity justifies prompt attention.

Generated by OpenCVE AI on June 4, 2026 at 15:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Avoid importing session files from untrusted or unknown sources; configure users to only import files verified by legitimate channels.
  • If possible, temporarily disable the session import feature or restrict its use by setting application policies that block external session file handling.
  • Implement network monitoring or firewall rules to detect outbound connections from MobaXterm that may indicate a spawned reverse shell, and block them until a vendor fix is available.

Generated by OpenCVE AI on June 4, 2026 at 15:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
First Time appeared Mobatek
Mobatek mobaxterm
Vendors & Products Mobatek
Mobatek mobaxterm

Thu, 04 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 04 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Description Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data that triggers the vulnerability when imported and executed, enabling reverse shell execution with user privileges.
Title Mobatek MobaXterm 12.1 Buffer Overflow via Sessions File
Weaknesses CWE-120
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Mobatek Mobaxterm
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-04T15:06:20.007Z

Reserved: 2026-06-04T11:11:45.519Z

Link: CVE-2019-25741

cve-icon Vulnrichment

Updated: 2026-06-04T14:51:43.002Z

cve-icon NVD

Status : Deferred

Published: 2026-06-04T14:16:32.787

Modified: 2026-06-04T15:00:40.757

Link: CVE-2019-25741

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T07:45:35Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')