CVE-2018-25164
Published: 06 March 2026
Summary
CVE-2018-25164 is a high-severity Files or Directories Accessible to External Parties (CWE-552) vulnerability. Its CVSS base score is 7.5 (High).
Operationally, ranked at the 24.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Controls on authorized publication limit files and directories with nonpublic data from becoming accessible to external parties.
Controlling and documenting P2P file sharing prevents files and directories from being made accessible to external parties for unauthorized distribution.
Identifying and documenting file and directory locations allows restriction of access to external parties.
Protecting backup files ensures they are not accessible to external parties or unauthorized spheres.
Sanitizing equipment before off-site maintenance reduces the risk of files or directories containing sensitive data becoming accessible to external parties.
Policy restricts media access to authorized parties only, preventing exposure of resources to external or unauthorized actors.
Media access restrictions prevent files or directories from being accessible to external parties.
Employing and evaluating controls at documented alternate sites makes files and directories less likely to be accessible to external parties through physical or environmental weaknesses.
NVD Description
EverSync 0.5 contains an arbitrary file download vulnerability that allows unauthenticated attackers to access sensitive files by requesting them directly from the files directory. Attackers can send GET requests to the files directory to download database files like db.sq3 containing…
more
application data and credentials.
Deeper analysisAI
CVE-2018-25164 is an arbitrary file download vulnerability in EverSync version 0.5. The issue stems from the files directory being directly accessible, enabling unauthenticated attackers to request and retrieve sensitive files, such as the database file db.sq3, which contains application data and credentials. This flaw is classified under CWE-552 (Files or Directories Accessible to External Parties) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting high confidentiality impact with no effects on integrity or availability.
Unauthenticated remote attackers can exploit this vulnerability by sending GET requests directly to the files directory endpoint. No user interaction, privileges, or special conditions are required, making it straightforward to execute over the network. Successful exploitation allows attackers to download sensitive files, exposing application data and credentials stored in databases like db.sq3.
Advisories, including those from VulnCheck, describe the arbitrary file download via the files directory. An exploit proof-of-concept is publicly available on Exploit-DB (exploit 45868), confirming practical exploitability. No specific patches or mitigations are detailed in the provided references.
Details
- CWE(s)