Cyber Resilience

CVE-2018-25213

High · Public PoC

Published: 26 March 2026

Modified: 01 May 2026
KEV Added
Patch
CVSS Score v4: 8.6 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0025 (15.7th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2018-25213 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Nsasoft Nsauditor. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 15.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog. A public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2018-25213 is a structured exception handling (SEH) buffer overflow vulnerability (CWE-787) in Nsauditor version 3.0.28.0. The flaw resides in the DNS Lookup tool, where insufficient bounds checking on user-supplied input leads to a buffer overflow. This affects the Windows application Nsauditor, a network security auditing tool, with a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for complete system compromise.

Local attackers can exploit this vulnerability by crafting malicious input for the DNS Query field in the DNS Lookup tool. By overwriting the SEH chain and injecting shellcode, attackers achieve arbitrary code execution with the privileges of the running Nsauditor application. No privileges or special access beyond local system presence are required, attack complexity is low, and no user interaction is needed.

Advisories and related resources, including an exploit proof-of-concept, are available at http://www.nsauditor.com, http://www.nsauditor.com/downloads/nsauditor_setup.exe, https://www.exploit-db.com/exploits/46005, and https://www.vulncheck.com/advisories/nsauditor-local-seh-buffer-overflow. No specific patches or mitigations are detailed in the provided references.

EU & UK References

Vulnerability details

Nsauditor 3.0.28.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input to the DNS Lookup tool. Attackers can craft a payload with SEH chain overwrite and inject shellcode through the DNS Query field to achieve code execution with application privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local SEH buffer overflow enables arbitrary code execution within the Nsauditor process, directly mapping to exploitation for privilege escalation or code execution on the host.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2020-37119 (Same product: Nsasoft Nsauditor)
CVE-2021-47815 (Same product: Nsasoft Nsauditor)
CVE-2021-47895 (Same product: Nsasoft Nsauditor)
CVE-2020-37130 (Same product: Nsasoft Nsauditor)
CVE-2020-37208 (Same vendor: Nsasoft)
CVE-2016-20044 (Shared CWE-787)
CVE-2026-23326 (Shared CWE-787)
CVE-2024-43077 (Shared CWE-787)
CVE-2024-53697 (Shared CWE-787)
CVE-2025-20890 (Shared CWE-787)

Affected Assets

Vendor: nsasoft · Product: nsauditor · Versions: ≤ 3.2.7

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: SI-10 requires validation of user-supplied inputs to prevent buffer overflows like the one in the DNS Query field.

Prevent: SI-16 implements memory protections such as DEP and ASLR to block SEH chain overwrites and shellcode execution from buffer overflows.

Prevent: SI-11 ensures secure error and exception handling to mitigate exploitation via structured exception handling vulnerabilities.

References