CVE-2018-25164
Published: 06 March 2026
Summary
CVE-2018-25164 is a high-severity Files or Directories Accessible to External Parties (CWE-552) vulnerability. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 17.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-7 (Least Functionality).
Deeper analysis
CVE-2018-25164 is an arbitrary file download vulnerability in EverSync version 0.5. The issue stems from the files directory being directly accessible, enabling unauthenticated attackers to request and retrieve sensitive files, such as the database file db.sq3, which contains application data and credentials. This flaw is classified under CWE-552 (Files or Directories Accessible to External Parties) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting high confidentiality impact with no effects on integrity or availability.
Unauthenticated remote attackers can exploit this vulnerability by sending GET requests directly to the files directory endpoint. No user interaction, privileges, or special conditions are required, making it straightforward to execute over the network. Successful exploitation allows attackers to download sensitive files, exposing application data and credentials stored in databases like db.sq3.
Advisories, including those from VulnCheck, describe the arbitrary file download via the files directory. An exploit proof-of-concept is publicly available on Exploit-DB (exploit 45868), confirming practical exploitability. No specific patches or mitigations are detailed in the provided references.
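A defender's check for the access pattern described above, as an added example that is not part of the original advisory or of EverSync: it scans web server access logs for GET requests to sensitive files under the files directory and reports whether each was served or blocked. The `/files/` URL path, the extensions other than `.sq3`, and the combined log format are assumptions, and the sample log lines are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumptions (not from the advisory): the directory is reachable at a URL
# containing "/files/" and the server writes Apache/nginx combined logs.
FILES_DIR = "/files/"
SENSITIVE_EXT = (".sq3", ".sqlite", ".sqlite3", ".db")
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def classify(line):
    """Return (ip, path, status, verdict) for a GET of a sensitive file
    under the files directory, or None if the line is not relevant."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "GET":
        return None
    # Normalise before matching: drop the query string, decode %xx escapes,
    # collapse repeated slashes and dot segments, compare case-insensitively.
    raw = unquote(m["target"].split("?", 1)[0])
    path = posixpath.normpath(re.sub(r"/+", "/", raw)).lower()
    if FILES_DIR not in path or not path.endswith(SENSITIVE_EXT):
        return None
    status = int(m["status"])
    # 2xx means content was returned; 304 means the client already holds a copy.
    served = 200 <= status < 300 or status == 304
    return (m["ip"], path, status, "SERVED" if served else "blocked")

def scan(lines):
    """Classify every log line and keep only the relevant requests."""
    return [hit for hit in map(classify, lines) if hit]

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '203.0.113.7 - - [06/Mar/2026:10:01:02 +0000] "GET /files/db.sq3 HTTP/1.1" 200 40960 "-" "-"',
    '198.51.100.4 - - [06/Mar/2026:10:02:10 +0000] "GET /eversync/files/DB.SQ3?download=1 HTTP/1.1" 206 1024 "-" "-"',
    '198.51.100.9 - - [06/Mar/2026:10:03:00 +0000] "GET /files/db.sq3 HTTP/1.1" 403 153 "-" "-"',
    '192.0.2.15 - - [06/Mar/2026:10:04:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, path, status, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:8} {status} {ip:15} {path}")
```

Any `SERVED` row means the database file left the server and the credentials it holds should be treated as exposed; once access enforcement is in place, the same requests should appear only as `blocked`.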
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-21619
Vulnerability details
EverSync 0.5 contains an arbitrary file download vulnerability that allows unauthenticated attackers to access sensitive files by requesting them directly from the files directory. Attackers can send GET requests to the files directory to download database files like db.sq3 containing application data and credentials.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Arbitrary file download on public-facing app directly enables remote exploitation (T1190) and retrieval of local files/credentials (T1005, T1552.001).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly protects public web servers from unauthorized access to nonpublic sensitive files in exposed directories like the files directory.
Enforces access control policies to block unauthenticated GET requests to sensitive files and directories.
Limits web application functionality to essentials, disabling direct access to file directories containing sensitive data like db.sq3.