Cyber Resilience

CVE-2018-25219

High · Public PoC

Published: 26 March 2026

Modified: 31 March 2026
KEV Added
Patch
CVSS Score v4: 8.6 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0025 (15.7th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2018-25219 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in PassFab Excel Password Recovery. Its CVSS v4.0 base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 15.7th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2018-25219 is a structured exception handling buffer overflow vulnerability in PassFab Excel Password Recovery version 8.3.1. The issue arises when a malicious payload is supplied in the registration code field, enabling local attackers to trigger the overflow and execute arbitrary code. It is classified under CWE-787 (Out-of-bounds Write) with a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Local attackers can exploit the vulnerability during the software's registration process by crafting a buffer overflow payload that includes a pop-pop-ret gadget and shellcode. This payload is pasted into the Licensed E-mail and Registration Code fields, leading to code execution upon processing. Exploitation requires local access to the system but no privileges or significant user interaction beyond the attacker's ability to input the payload.

Advisories and exploit details are available from VulnCheck at https://www.vulncheck.com/advisories/passfab-excel-password-recovery-seh-buffer-overflow and Exploit-DB at https://www.exploit-db.com/exploits/46301. Vendor resources include the product page at https://www.passfab.com/products/excel-password-recovery.html and download link at https://www.passfab.com/downloads/passfab-excel-password-recovery.exe; no specific patch or mitigation guidance is detailed in the provided references.

EU & UK References

Vulnerability details

PassFab Excel Password Recovery 8.3.1 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the registration code field. Attackers can craft a buffer overflow payload with a pop-pop-ret gadget and shellcode that triggers code execution when pasted into the Licensed E-mail and Registration Code field during the registration process.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local SEH buffer overflow enables arbitrary code execution via crafted registration input, directly mapping to exploitation for privilege escalation or code execution on the local system.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2018-25218 · Same vendor: PassFab
CVE-2016-20044 · Shared CWE-787
CVE-2026-23326 · Shared CWE-787
CVE-2024-43077 · Shared CWE-787
CVE-2024-53697 · Shared CWE-787
CVE-2025-20890 · Shared CWE-787
CVE-2026-23073 · Shared CWE-787
CVE-2025-20708 · Shared CWE-787
CVE-2025-1471 · Shared CWE-787
CVE-2024-35273 · Shared CWE-787

Affected Assets

passfab excel password recovery ≤ 8.3.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly prevents the buffer overflow by requiring validation of input supplied in the registration code field, so that it cannot exceed bounds or contain invalid data.

Prevent: Mitigates exploitation of the SEH buffer overflow vulnerability through memory protection mechanisms such as DEP and ASLR that hinder arbitrary code execution via pop-pop-ret gadgets and shellcode.

Prevent: Ensures timely remediation of the specific buffer overflow flaw in PassFab Excel Password Recovery 8.3.1 by applying patches or removing the vulnerable software.

References