vulnerability context

CVE-2018-25265

CVSS 8.4 HIGHEPSS 4.7%CWE-787

LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious payloads using egghunter techniques to locate and execute shellcode, triggering code execution through SEH chain manipulation and controlled jumps.

Published 2026-04-22 · last modified 2026-04-27

details

CISA KEV status: Not in catalog
CVSS v3: 8.4 / HIGH
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.7% percentile (score 0.0002)
CWE: CWE-787

View on NVD → · cve.org

source mentions 1

[CyberHub] 📌 CVE-2018-25265 - LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows l...Bluesky:@cyberhub.blog · 9d ago

source consensus

Bluesky:@cyberhub.blog1×

Want the 3-bullet summary of CVE-2018-25265, plus webhook alerts when KEV is updated? Pro is $10/mo.

Open in reader See Pro →