echatserver CVE Vulnerabilities & Metrics

Focus on echatserver vulnerabilities and metrics.

Last updated: 16 Apr 2026, 22:25 UTC

About echatserver Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with echatserver. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total echatserver CVEs: 7
Earliest CVE date: 12 Jun 2017, 06:29 UTC
Latest CVE date: 28 Mar 2026, 12:16 UTC

Latest CVE reference: CVE-2018-25221

Rolling Stats

30-day Count (Rolling): 2
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical echatserver CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.21

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	3
4.0-6.9	3
7.0-8.9	1
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS echatserver CVEs

These are the five CVEs with the highest CVSS scores for echatserver, sorted by severity first and recency.

CVE-2017-9544 echatserver Published on 12 Jun 2017, 06:29 UTC (CVSS: 7.5)
There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.
CVE-2019-20502 echatserver Published on 05 Mar 2020, 20:15 UTC (CVSS: 5.0)
An issue was discovered in EFS Easy Chat Server 3.1. There is a buffer overflow via a long body2.ghp message parameter.
CVE-2017-9557 echatserver Published on 12 Jun 2017, 15:29 UTC (CVSS: 5.0)
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response.
CVE-2017-9543 echatserver Published on 12 Jun 2017, 06:29 UTC (CVSS: 5.0)
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm.
CVE-2018-25221 echatserver Published on 28 Mar 2026, 12:16 UTC (CVSS: 0)
EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets to achieve code execution in the application context.

All CVEs for echatserver

CVE-2018-25221 echatserver vulnerability CVSS: 0 28 Mar 2026, 12:16 UTC

EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets to achieve code execution in the application context.

CVE-2019-25613 echatserver vulnerability CVSS: 0 22 Mar 2026, 14:16 UTC

Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an excessively large message parameter value to cause the service to crash.

CVE-2022-44939 echatserver vulnerability CVSS: 0 06 Jan 2023, 22:15 UTC

Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL.

CVE-2019-20502 echatserver vulnerability CVSS: 5.0 05 Mar 2020, 20:15 UTC

An issue was discovered in EFS Easy Chat Server 3.1. There is a buffer overflow via a long body2.ghp message parameter.

CVE-2017-9557 echatserver vulnerability CVSS: 5.0 12 Jun 2017, 15:29 UTC

register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response.

CVE-2017-9544 echatserver vulnerability CVSS: 7.5 12 Jun 2017, 06:29 UTC

There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.

CVE-2017-9543 echatserver vulnerability CVSS: 5.0 12 Jun 2017, 06:29 UTC

register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm.