CVE-2018-25108
Published: 16 January 2025
Summary
CVE-2018-25108 is a high-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in Vde (inferred from references). Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 21.1% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-14 (Public Access Protections) and SC-5 (Denial-of-service Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SC-5 enforces denial-of-service protections that directly mitigate uncontrolled resource consumption by unauthenticated remote attackers.
SC-6 protects system resource availability against unauthorized consumption, addressing the core CWE-770 issue in this CVE.
SC-14 provides protections against DoS events specifically at public access interfaces exploited by unauthenticated remote attackers.
NVD Description
An unauthenticated remote attacker can cause a DoS in the controller due to uncontrolled resource consumption.
Deeper analysis
CVE-2018-25108 is a vulnerability characterized by uncontrolled resource consumption (CWE-770), enabling an unauthenticated remote attacker to cause a Denial of Service (DoS) condition in the controller. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its impact on availability. It was published on 2025-01-16.
An unauthenticated attacker with network access can exploit this vulnerability with low attack complexity, requiring no privileges and no user interaction. Successful exploitation exhausts the controller's resources, causing a DoS that disrupts its functionality.
The advisory at https://cert.vde.com/en/advisories/VDE-2018-013 provides details on mitigation strategies for this vulnerability.
Details
- CWE(s)