CVE-2018-25328
published 2026-05-17CVE-2018-25328: VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in…
PriorityP338high8.4CVSS 3.1
AVLACLPRNUINSUCHIHAH
EPSS
0.15%
4.4th percentile
VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can craft a malicious input file containing 271 bytes of junk data followed by a return address to execute arbitrary code with application privileges.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vxsearch | vx_search | — | — |
CVSS provenance
nvdv3.18.4HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.08.6HIGHCVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wcf6-c97r-gp58: VX Search 10
ghsa_unreviewed·2026-05-17
CVE-2018-25328 [HIGH] CWE-120 GHSA-wcf6-c97r-gp58: VX Search 10
VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can craft a malicious input file containing 271 bytes of junk data followed by a return address to execute arbitrary code with application privileges.
VulDB
vxsearch VX Search 10.6.18 directory buffer overflow (Exploit 44494 / EUVD-2018-21852)
vuldb·2026-05-17·CVSS 8.6
CVE-2018-25328 [HIGH] vxsearch VX Search 10.6.18 directory buffer overflow (Exploit 44494 / EUVD-2018-21852)
A vulnerability identified as critical has been detected in vxsearch VX Search 10.6.18. Affected is an unknown function. This manipulation of the argument directory causes buffer overflow.
The identification of this vulnerability is CVE-2018-25328. The attack can only be executed locally. Furthermore, there is an exploit available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-17
Published