Cyber Resilience

CVE-2018-25221

CriticalPublic PoC

Published: 28 March 2026

Published
28 March 2026
Modified
02 April 2026
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0082 52.5th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2018-25221 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Echatserver Easy Chat Server. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 47.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2018-25221 is a buffer overflow vulnerability (CWE-787) in EChat Server 3.1, specifically affecting the chat.ghp endpoint. The issue arises from processing an oversized username parameter, which can trigger a buffer overflow. Published on 2026-03-28, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high-impact remote exploitation.

Remote, unauthenticated attackers can exploit this vulnerability by sending a GET request to the chat.ghp endpoint with a malicious username parameter containing shellcode and ROP gadgets. Successful exploitation leads to arbitrary code execution in the context of the affected application.

Advisories and related resources include a Vulncheck advisory detailing the buffer overflow via the chat.ghp username parameter and a public exploit published on Exploit-DB at https://www.exploit-db.com/exploits/44155. No specific patch or mitigation details are outlined in the provided information.

EU & UK References

Vulnerability details

EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing…

more

shellcode and ROP gadgets to achieve code execution in the application context.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

CVE-2018-25221 is a buffer overflow in a public-facing chat server endpoint (chat.ghp) allowing unauthenticated remote code execution via crafted GET request, directly mapping to Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2019-25613Same product: Echatserver Easy Chat Server
CVE-2025-27807Shared CWE-787
CVE-2024-48856Shared CWE-787
CVE-2025-14234Shared CWE-787
CVE-2018-25223Shared CWE-787
CVE-2018-25154Shared CWE-787
CVE-2024-57704Shared CWE-787
CVE-2025-29384Shared CWE-787
CVE-2024-12648Shared CWE-787
CVE-2025-30276Shared CWE-787

Affected Assets

echatserver
easy chat server
≤ 3.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires validation of the oversized username parameter in the chat.ghp GET request to prevent buffer overflow exploitation.

prevent

Implements memory safeguards like DEP and ASLR to block execution of shellcode and ROP gadgets from the buffer overflow.

prevent

Directs identification, reporting, and patching of the specific buffer overflow flaw in EChat Server's chat.ghp endpoint.

References