Cyber Posture

CVE-2018-25213

High · Public PoC

Published: 26 March 2026

Modified: 01 May 2026
KEV Added
Patch
CVSS Score: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (0.5th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2018-25213 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Nsasoft Nsauditor. Its CVSS base score is 8.4 (High).

Operationally, it ranks at the 0.5th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

Prevent: SI-10 requires validation of user-supplied inputs to prevent buffer overflows like the one in the DNS Query field.

Prevent: SI-16 implements memory protections such as DEP and ASLR to block SEH chain overwrites and shellcode execution from buffer overflows.

Prevent: SI-11 ensures secure error and exception handling to mitigate exploitation via structured exception handling vulnerabilities.
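
To make the SI-10 control concrete, the following added example (not code from Nsauditor, the advisory, or this page's sources) validates a DNS query string against host-name length and character limits before copying it into a fixed-size buffer. The function name `dns_query_copy`, the error codes and the accepted character set are assumptions chosen for this example.

```c
#include <stddef.h>
#include <string.h>
#include <ctype.h>

#define DNS_NAME_MAX  253  /* longest textual host name (255-octet wire limit, RFC 1035) */
#define DNS_LABEL_MAX 63   /* longest single label (RFC 1035) */

/* Hypothetical result codes for this example. */
enum dns_check { DNS_OK = 0, DNS_EMPTY, DNS_TOO_LONG, DNS_BAD_LABEL,
                 DNS_BAD_CHAR, DNS_NO_ROOM };

/* Validate `src` as a host name, then copy it into dst[dst_len].
 * Nothing is written to dst unless every check passes. */
enum dns_check dns_query_copy(char *dst, size_t dst_len, const char *src)
{
    size_t len = 0, label = 0;

    if (src == NULL || src[0] == '\0')
        return DNS_EMPTY;
    if (dst == NULL)
        return DNS_NO_ROOM;
    for (; src[len] != '\0'; len++) {
        unsigned char c = (unsigned char)src[len];
        if (len >= DNS_NAME_MAX)
            return DNS_TOO_LONG;        /* stop scanning oversized input early */
        if (c == '.') {
            if (label == 0)
                return DNS_BAD_LABEL;   /* empty label: leading or doubled dot */
            label = 0;
        } else if (isalnum(c) || c == '-' || c == '_') {
            if (++label > DNS_LABEL_MAX)
                return DNS_BAD_LABEL;   /* single label longer than 63 chars */
        } else {
            return DNS_BAD_CHAR;        /* spaces, control bytes, raw binary */
        }
    }
    if (len + 1 > dst_len)
        return DNS_NO_ROOM;             /* destination smaller than the input */
    memcpy(dst, src, len + 1);          /* length already proven to fit */
    return DNS_OK;
}
```

The length checks run against both the protocol limit and the actual destination size, so a later change to either one cannot silently reintroduce an unbounded copy.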

NVD Description

Nsauditor 3.0.28.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input to the DNS Lookup tool. Attackers can craft a payload with SEH chain overwrite and inject shellcode through the DNS Query field to achieve code execution with application privileges.

Deeper analysis [AI]

CVE-2018-25213 is a structured exception handling (SEH) buffer overflow vulnerability (CWE-787) in Nsauditor version 3.0.28.0. The flaw resides in the DNS Lookup tool, where insufficient bounds checking on user-supplied input leads to a buffer overflow. This affects the Windows application Nsauditor, a network security auditing tool, with a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for complete system compromise.

Local attackers can exploit this vulnerability by crafting malicious input for the DNS Query field in the DNS Lookup tool. By overwriting the SEH chain and injecting shellcode, attackers achieve arbitrary code execution with the privileges of the running Nsauditor application. No user privileges or special access beyond local system presence are required, and exploitation requires low complexity with no user interaction.

Advisories and related resources, including an exploit proof-of-concept, are available at http://www.nsauditor.com, http://www.nsauditor.com/downloads/nsauditor_setup.exe, https://www.exploit-db.com/exploits/46005, and https://www.vulncheck.com/advisories/nsauditor-local-seh-buffer-overflow. No specific patches or mitigations are detailed in the provided references.

Details

CWE(s)

Affected Products

nsasoft nsauditor ≤ 3.2.7

CVEs Like This One

CVE-2020-37119 (Same product: Nsasoft Nsauditor)
CVE-2020-37130 (Same product: Nsasoft Nsauditor)
CVE-2021-47895 (Same product: Nsasoft Nsauditor)
CVE-2021-47815 (Same product: Nsasoft Nsauditor)
CVE-2020-37208 (Same vendor: Nsasoft)
CVE-2020-37207 (Same vendor: Nsasoft)
CVE-2020-37212 (Same vendor: Nsasoft)
CVE-2021-47814 (Same vendor: Nsasoft)
CVE-2020-37201 (Same vendor: Nsasoft)
CVE-2020-37206 (Same vendor: Nsasoft)
