Cyber Resilience

CVE-2018-25178

Severity: High · Public PoC

Published: 06 March 2026
Modified: 16 March 2026
KEV Added: not listed
Patch: none recorded

CVSS v4.0 base score: 8.7 (High)
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N (Not Defined metrics omitted)
EPSS score: 0.0058 (43.3rd percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2018-25178 is a high-severity Path Traversal (CWE-22) vulnerability in Rul10 Easyndexer. Its CVSS v4.0 base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 43.3rd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-14 (Public Access Protections). Note that SC-14 is marked withdrawn in Revision 5, its capability having been folded into AC-3, SI-10 (Information Input Validation) and related controls; in practice, validating the file parameter (SI-10) is the control that removes the flaw, while AC-3 limits what the web server process can read if validation is bypassed.

Deeper analysis

CVE-2018-25178 is an arbitrary file download vulnerability in Easyndexer 1.0, stemming from improper handling of the file parameter in the showtif.php component, classified under CWE-22 (Path Traversal). The flaw allows attackers to specify arbitrary file paths, enabling the retrieval of sensitive system files such as configuration and initialization files. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting its high confidentiality impact; the 8.7 in the header is the CVSS v4.0 score for the same issue.

Unauthenticated attackers can exploit this vulnerability remotely with low complexity by sending POST requests to showtif.php with a file parameter that traverses directories, downloading any file the web server process can read. Exploitation requires no privileges or user interaction and can expose credentials or system configuration, but it does not affect integrity or availability.

Advisories and related resources include a public exploit demonstration at https://www.exploit-db.com/exploits/45835 and a vulnerability advisory from VulnCheck at https://www.vulncheck.com/advisories/easyndexer-arbitrary-file-download-via-showtifphp. Both document the issue; neither specifies a patch or vendor mitigation in the available information.
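The resolution flaw described above, and the check that removes it, as an added example that is not code from the advisory, the exploit or Easyndexer itself. The vulnerable function is a Python stand-in for the pattern the advisory describes (user-supplied name joined to a base directory and trusted); the hardened one is what the handler should do instead, and the same logic applies in the PHP endpoint using realpath() and a prefix comparison against the image directory. The directory layout, file names and payloads are constructed for the demonstration.

```python
import os
import tempfile


def vulnerable_resolve(base_dir, file_param):
    """CWE-22 pattern: join the user value to the base directory and trust it.

    os.path.join discards base_dir when file_param is absolute, and '..'
    components are honoured, so both '/etc/passwd' and '../secret.ini'
    resolve outside base_dir. This reconstructs the behaviour the advisory
    describes; it is not Easyndexer's actual code.
    """
    return os.path.normpath(os.path.join(base_dir, file_param))


def hardened_resolve(base_dir, file_param, allowed_suffixes=(".tif", ".tiff")):
    """Return an absolute path inside base_dir, or raise ValueError/FileNotFoundError.

    The web framework has already URL-decoded file_param once (PHP's $_POST
    does the same), so it is not decoded again here; double decoding is
    itself a classic bypass.
    """
    # NUL bytes can truncate the name in C-backed file APIs; reject outright.
    if "\x00" in file_param:
        raise ValueError("NUL byte in file name")
    root = os.path.realpath(base_dir)
    # realpath resolves '..' and symlinks; containment is then checked with
    # commonpath, not startswith, so '/srv/img' is not fooled by '/srv/img2'.
    candidate = os.path.realpath(os.path.join(root, file_param))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes base directory")
    # An extension allowlist keeps the endpoint to the images it exists to serve.
    if not candidate.lower().endswith(allowed_suffixes):
        raise ValueError("disallowed extension")
    if not os.path.isfile(candidate):
        raise FileNotFoundError(candidate)
    return candidate


# Constructed payloads: one legitimate request and three traversal attempts.
PAYLOADS = ["sample.tif", "../secret.ini", "/etc/passwd", "sample.tif\x00.ini"]


def setup_fixture():
    """Create a constructed layout: <tmp>/images/sample.tif and <tmp>/secret.ini."""
    tmp = tempfile.mkdtemp()
    images = os.path.join(tmp, "images")
    os.mkdir(images)
    with open(os.path.join(images, "sample.tif"), "wb") as fh:
        fh.write(b"II*\x00")  # first four bytes of a little-endian TIFF
    with open(os.path.join(tmp, "secret.ini"), "w") as fh:
        fh.write("db_password=example\n")  # constructed stand-in for a config file
    return images


def run(base_dir):
    """Return {payload: {"vulnerable": "inside"|"ESCAPED", "hardened": "served"|"rejected: ..."}}."""
    out = {}
    root = os.path.abspath(base_dir)
    for p in PAYLOADS:
        vuln = os.path.abspath(vulnerable_resolve(base_dir, p))
        vuln_status = "inside" if os.path.commonpath([root, vuln]) == root else "ESCAPED"
        try:
            hardened_resolve(base_dir, p)
            hard_status = "served"
        except (ValueError, FileNotFoundError) as exc:
            hard_status = "rejected: %s" % exc
        out[p] = {"vulnerable": vuln_status, "hardened": hard_status}
    return out


if __name__ == "__main__":
    for payload, result in run(setup_fixture()).items():
        print(repr(payload), result)
```

The NUL payload is reported as "inside" by the containment check alone, which is why the hardened version rejects NUL bytes before touching the filesystem rather than relying on path normalisation. In PHP, realpath() returns false for a non-existent path, so the containment comparison must treat false as a rejection, not as an empty prefix.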

Vulnerability details

Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like configuration and initialization files.

CWE(s)

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1552.001 Credentials In Files (Credential Access)
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

Direct remote exploitation of public-facing web app (T1190) via path traversal enables arbitrary local file reads, directly facilitating access to unsecured credentials and config files (T1552.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
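Detection logic for the T1190 mapping above, as an added example that is not part of the original page or either advisory: it scans request records for showtif.php calls whose file parameter is traversal-shaped after decoding. Because the advisory describes POST requests, the parameter lives in the request body and will not appear in an ordinary access log; the records below are constructed in the shape a reverse proxy or WAF audit log might emit, and the field names (ts, src, method, path, body, query) are an assumption. The check also covers the query string and double-encoded forms, which goes beyond the specific requests the advisory describes.

```python
import re
from urllib.parse import parse_qs, unquote

# '..' as a whole path component after decoding and slash normalisation.
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")


def normalise(value, rounds=2):
    """Percent-decode up to `rounds` times, then fold backslashes to '/'.

    parse_qs has already decoded once, so a further pass here catches
    double-encoded forms such as %252e%252e%252f. Stops early when a pass
    changes nothing.
    """
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def is_traversal(value):
    """True for '..' components, absolute paths and embedded NUL bytes."""
    v = normalise(value)
    return bool(TRAVERSAL.search(v)) or v.startswith("/") or "\x00" in v


def analyse(record):
    """Return an alert dict for a request to showtif.php whose file parameter
    looks like traversal, else None. Record field names are assumed."""
    if not record["path"].lower().endswith("/showtif.php"):
        return None
    # The advisory describes POST bodies; the query string is checked too,
    # since nothing stops a client from sending the parameter that way.
    raw = record.get("body", "") if record["method"] == "POST" else record.get("query", "")
    params = parse_qs(raw, keep_blank_values=True)
    for value in params.get("file", []):
        if is_traversal(value):
            return {"ts": record["ts"], "src": record["src"], "technique": "T1190",
                    "file": normalise(value)}
    return None


def scan(records):
    """Run analyse over every record and return the alerts in order."""
    return [a for a in (analyse(r) for r in records) if a]


# Constructed audit records (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    {"ts": "2026-03-06T10:00:01Z", "src": "203.0.113.7", "method": "POST",
     "path": "/easyndexer/showtif.php", "body": "file=scan0001.tif"},
    {"ts": "2026-03-06T10:00:05Z", "src": "198.51.100.23", "method": "POST",
     "path": "/easyndexer/showtif.php", "body": "file=..%2F..%2F..%2Fetc%2Fpasswd"},
    {"ts": "2026-03-06T10:00:06Z", "src": "198.51.100.23", "method": "POST",
     "path": "/easyndexer/showtif.php", "body": "file=%252e%252e%252fconfig.ini"},
    {"ts": "2026-03-06T10:00:09Z", "src": "192.0.2.9", "method": "GET",
     "path": "/easyndexer/showtif.php", "query": "file=/etc/passwd"},
    {"ts": "2026-03-06T10:00:12Z", "src": "203.0.113.8", "method": "POST",
     "path": "/easyndexer/index.php", "body": "q=..%2F"},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Matching on '..' as a whole component rather than on the substring keeps legitimate names such as scan..0002.tif out of the alert stream; a successful read of a configuration file by this route is the point at which T1552.001 follows, so a hit here is worth correlating with subsequent logins from the same source.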

CVEs Like This One (shared CWE-22)

CVE-2020-37015
CVE-2025-25684
CVE-2020-37088
CVE-2026-6381
CVE-2026-22199
CVE-2026-25992
CVE-2020-36939
CVE-2026-26217
CVE-2022-50932
CVE-2026-27305

Affected Assets

rul10 easyndexer 1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

prevent: Directly mitigates path traversal by validating the file parameter in showtif.php so that only safe file paths are processed, preventing arbitrary file downloads.
prevent: Provides protections against path traversal in public-facing web endpoints such as showtif.php, blocking exploitation attempts.
prevent: Enforces access controls so that the application cannot read sensitive system files even if the file parameter is manipulated.

References

https://www.exploit-db.com/exploits/45835 (public exploit demonstration)
https://www.vulncheck.com/advisories/easyndexer-arbitrary-file-download-via-showtifphp (VulnCheck advisory)