Cyber Resilience

CVE-2018-25180

High · Public PoC

Published: 06 March 2026

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v4: 7.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0004 (11.9th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2018-25180 is a high-severity SQL Injection (CWE-89) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 11.9th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2018-25180 is an SQL injection vulnerability (CWE-89) in Maitra 1.7.2, affecting the outmail and inmail modules. Authenticated attackers can inject malicious code through the mailid parameter to execute arbitrary SQL queries. The application also exposes the SQLite database file directly from its directory, enabling download and extraction of sensitive data.

Attackers need only low privileges (PR:L) and network access (AV:N), and exploitation is low complexity (AC:L) with no user interaction (UI:N). Exploitation yields high confidentiality impact (C:H) by dumping mail tracking data and credentials, low integrity impact (I:L), and no availability disruption (A:N), resulting in a CVSS 3.1 base score of 7.1. The unchanged scope (S:U) limits lateral movement.

Advisories, including those from VulnCheck, describe the SQL injection via mailid and direct SQLite database download. An exploit is publicly available on Exploit-DB (https://www.exploit-db.com/exploits/45841). No patches or specific mitigations are detailed in the provided references.

EU & UK References

Vulnerability details

Maitra 1.7.2 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmail modules. Attackers can also download the SQLite database file directly from the application directory to extract sensitive mail tracking data and credentials.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1552.001 · Credentials In Files · Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

SQL injection in a public-facing web application (the mail modules) directly enables T1190; the exposed SQLite database file enables credential extraction via T1552.001.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2018-25187 · Shared CWE-89
CVE-2026-39334 · Shared CWE-89
CVE-2024-13488 · Shared CWE-89
CVE-2026-20002 · Shared CWE-89
CVE-2025-1446 · Shared CWE-89
CVE-2025-22699 · Shared CWE-89
CVE-2026-36232 · Shared CWE-89
CVE-2026-31871 · Shared CWE-89
CVE-2026-33078 · Shared CWE-89
CVE-2026-46359 · Shared CWE-89

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of the mailid parameter to reject SQL metacharacters and block arbitrary query execution.

prevent

Enforces that only authorized, parameterized operations may access mail data, preventing both the injection path and direct SQLite file retrieval.

prevent

Restricts authenticated users to the minimum privileges needed for mail functions, limiting the impact of any successful injection or file access.
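
The input-validation and access-enforcement controls described above, sketched as an added example (this is not Maitra's code, which the page does not show): Python's sqlite3 module over a constructed in-memory table, with the concatenated query pattern beside a validated, bound and owner-scoped one. The outmail table layout, the owner column, the numeric mailid format and all function names are assumptions made for illustration.

```python
import re
import sqlite3

# Assumption: mailid is a numeric record id; the page does not describe the schema.
MAILID_RE = re.compile(r"[0-9]{1,10}")

def build_demo_db():
    """Constructed in-memory stand-in for the application's SQLite database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE outmail (mailid INTEGER PRIMARY KEY, owner TEXT, subject TEXT);
        INSERT INTO outmail VALUES (1, 'alice', 'Invoice 1001'), (2, 'bob', 'Payroll run');
    """)
    return db

def lookup_concatenated(db, mailid):
    """The CWE-89 pattern: request text becomes part of the SQL statement."""
    sql = "SELECT mailid, subject FROM outmail WHERE mailid = " + mailid
    return db.execute(sql).fetchall()

def lookup_hardened(db, mailid, owner):
    """Allow-list validation (SI-10) plus a bound, owner-scoped query (AC-3)."""
    if not MAILID_RE.fullmatch(mailid):
        raise ValueError("mailid must be 1-10 decimal digits")
    return db.execute(
        "SELECT mailid, subject FROM outmail WHERE mailid = ? AND owner = ?",
        (int(mailid), owner),
    ).fetchall()

def demo():
    db = build_demo_db()
    hostile = "1 OR 1=1"  # constructed textbook input, not taken from the advisory
    leaked = lookup_concatenated(db, hostile)  # predicate rewritten: every row returned
    try:
        lookup_hardened(db, hostile, "alice")
        rejected = False
    except ValueError:
        rejected = True  # validation stops the value before any SQL runs
    own_row = lookup_hardened(db, "1", "alice")    # caller's own record
    other_row = lookup_hardened(db, "2", "alice")  # another user's record: no rows
    return leaked, rejected, own_row, other_row

if __name__ == "__main__":
    print(demo())
```

Validation alone is not the fix: the bound parameter is what keeps request data out of the statement text, and the owner predicate is what stops an authenticated user from reading another user's rows by id.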

References