CVE-2018-25320
published 2026-05-17CVE-2018-25320: ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by…
PriorityP263critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.58%
43.1th percentile
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to establish reverse shells and gain complete system control.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| acl | acl_analytics | 11.0 – 13.0.0.579 | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.09.3CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
ACL Analytics up to 13.0.0.579 Powershell Script EXECUTE code injection (Exploit 44281 / EUVD-2018-21841)
vuldb·2026-05-17·CVSS 9.3
CVE-2018-25320 [CRITICAL] ACL Analytics up to 13.0.0.579 Powershell Script EXECUTE code injection (Exploit 44281 / EUVD-2018-21841)
A vulnerability described as critical has been identified in ACL Analytics up to 13.0.0.579. Affected is the function EXECUTE of the component Powershell Script Handler. Such manipulation leads to code injection.
This vulnerability is listed as CVE-2018-25320. The attack may be performed from remote. In addition, an exploit is available.
GHSA
GHSA-r572-97xj-7hcj: ACL Analytics versions 11
ghsa_unreviewed·2026-05-17
CVE-2018-25320 [CRITICAL] CWE-94 GHSA-r572-97xj-7hcj: ACL Analytics versions 11
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to establish reverse shells and gain complete system control.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-17
Published