CVE-2018-25169
Published: 06 March 2026
Summary
CVE-2018-25169 is a high-severity Initialization of a Resource with an Insecure Default (CWE-1188) vulnerability. Its CVSS base score is 7.5 (High).
Operationally, ranked at the 35.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Requires documented secure initialization practices and avoidance of insecure defaults in configuration baselines.
Reviewing and updating baseline when components are installed or upgraded prevents initialization with insecure defaults.
Requiring explicit configuration to minimal functionality overrides insecure defaults that would otherwise enable excess capabilities.
Tailoring replaces or augments insecure default initializations with system-specific values and compensating controls before deployment.
Central configuration overrides or replaces insecure default initializations that would otherwise be left unchanged on each system.
SCRM practices during acquisition and configuration management address insecure default initializations shipped by vendors.
Scans detect resources initialized with insecure defaults that create exploitable conditions.
Instruction on secure initialization of security controls prevents leaving resources with insecure defaults after installation.
NVD Description
AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads to exhaust server resources and…
more
cause service unavailability.
Deeper analysisAI
CVE-2018-25169 is a denial of service vulnerability in AMPPS 2.7. The flaw allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads, exhausting server resources and causing service unavailability. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and maps to CWE-1188.
Remote attackers can exploit this vulnerability over the network with low complexity and no privileges or user interaction required. By repeatedly opening socket connections to the HTTP port and sending crafted invalid data, they can overwhelm the server, resulting in a crash and complete denial of service that renders the AMPPS service unavailable.
Advisories and proof-of-concept exploits are documented in references including Exploit-DB (https://www.exploit-db.com/exploits/45850) and Vulncheck (https://www.vulncheck.com/advisories/ampps-denial-of-service-via-malformed-socket-connection). The CVE was published on 2026-03-06T13:15:58.057.
Details
- CWE(s)