CVE-2018-25178
Published: 06 March 2026
Summary
CVE-2018-25178 is a high-severity Path Traversal (CWE-22) vulnerability in Rul10 Easyndexer. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 43.3th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-14 (Public Access Protections).
Deeper analysis
CVE-2018-25178 is an arbitrary file download vulnerability in Easyndexer 1.0, stemming from improper handling of the file parameter in the showtif.php component, classified under CWE-22 (Path Traversal). This flaw allows attackers to specify arbitrary file paths, enabling the retrieval of sensitive system files such as configuration and initialization files. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), highlighting its high confidentiality impact.
Unauthenticated attackers can exploit this vulnerability remotely with low complexity by sending POST requests to showtif.php, manipulating the file parameter to traverse directories and download restricted files. Successful exploitation requires no privileges or user interaction, potentially exposing sensitive data like credentials or system configurations, though it does not affect integrity or availability.
Advisories and related resources include a public exploit demonstration at https://www.exploit-db.com/exploits/45835 and a detailed vulnerability advisory from VulnCheck at https://www.vulncheck.com/advisories/easyndexer-arbitrary-file-download-via-showtifphp; both document the issue but, in the available information, do not specify patches or mitigations.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-21633
Vulnerability details
Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like configuration and initialization files.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct remote exploitation of a public-facing web application (T1190) via path traversal enables arbitrary local file reads, which directly facilitates access to unsecured credentials and configuration files (T1552.001).
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates path traversal by validating the file parameter in showtif.php so that only safe file paths are processed, preventing arbitrary file downloads.
- Provides protections against path traversal vulnerabilities in public-facing web endpoints like showtif.php, blocking exploitation attempts.
- Enforces access controls that restrict the application from reading sensitive system files even if the file parameter is manipulated.
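The first control above calls for validating the file parameter before anything is read from disk. The PHP below is an added example of such a containment check, not Easyndexer's own code; the IMAGE_ROOT location, the .tif/.tiff allowlist and the handler shape are assumptions.

```php
<?php
// Added example (not Easyndexer's code): canonicalise a client-supplied file
// name and serve it only if it stays inside the intended image directory.
declare(strict_types=1);

const IMAGE_ROOT = '/var/www/easyndexer/images'; // assumed location

/**
 * Return the canonical path of $requested when it lies under $base, is a
 * regular file and has an allowed extension; otherwise return null.
 */
function resolveSafePath(string $base, string $requested, array $allowedExt): ?string
{
    // NUL bytes can truncate the path in lower-level calls: reject outright.
    if (strpos($requested, "\0") !== false) {
        return null;
    }
    $baseReal = realpath($base);
    if ($baseReal === false) {
        return null; // base directory misconfigured: fail closed
    }
    // Always join onto the base; never honour an absolute path from the client.
    // realpath() resolves "..", "." and symlinks, so escapes via either fail below.
    $candidate = realpath($baseReal . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null; // missing, unreadable, or a directory
    }
    // Containment: the canonical path must start with "<base>/".
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null; // traversal or symlink pointing outside the base
    }
    $ext = strtolower(pathinfo($candidate, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return null; // e.g. .ini or .php files are never served by this endpoint
    }
    return $candidate;
}

// Handler for the POST 'file' parameter discussed in the advisory.
$requested = (string)($_POST['file'] ?? '');
$path = resolveSafePath(IMAGE_ROOT, $requested, ['tif', 'tiff']);
if ($path === null) {
    http_response_code(400);
    // Hex-encode the rejected value so log lines stay one-line and unambiguous.
    error_log('showtif: rejected file parameter ' . bin2hex($requested));
    exit;
}
header('Content-Type: image/tiff');
readfile($path);
```

The error_log line doubles as a detection point: a burst of rejected values that decode to traversal sequences is the signal a SOC would alert on for this endpoint.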