Cyber Posture

CVE-2018-25221

CriticalPublic PoC

Published: 28 March 2026

Published
28 March 2026
Modified
02 April 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0015 35.0th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2018-25221 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Echatserver Easy Chat Server. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 35.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Requires validation of the oversized username parameter in the chat.ghp GET request to prevent buffer overflow exploitation.

SI-16 Memory Protection good match
prevent

Implements memory safeguards like DEP and ASLR to block execution of shellcode and ROP gadgets from the buffer overflow.

SI-2 Flaw Remediation good match
prevent

Directs identification, reporting, and patching of the specific buffer overflow flaw in EChat Server's chat.ghp endpoint.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

CVE-2018-25221 is a buffer overflow in a public-facing chat server endpoint (chat.ghp) allowing unauthenticated remote code execution via crafted GET request, directly mapping to Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing…

more

shellcode and ROP gadgets to achieve code execution in the application context.

Deeper analysisAI

CVE-2018-25221 is a buffer overflow vulnerability (CWE-787) in EChat Server 3.1, specifically affecting the chat.ghp endpoint. The issue arises from processing an oversized username parameter, which can trigger a buffer overflow. Published on 2026-03-28, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high-impact remote exploitation.

Remote, unauthenticated attackers can exploit this vulnerability by sending a GET request to the chat.ghp endpoint with a malicious username parameter containing shellcode and ROP gadgets. Successful exploitation leads to arbitrary code execution in the context of the affected application.

Advisories and related resources include a Vulncheck advisory detailing the buffer overflow via the chat.ghp username parameter and a public exploit published on Exploit-DB at https://www.exploit-db.com/exploits/44155. No specific patch or mitigation details are outlined in the provided information.

Details

CWE(s)
CWE-787

Affected Products

echatserver
easy chat server
≤ 3.1

CVEs Like This One

CVE-2019-25613Same product: Echatserver Easy Chat Server
CVE-2025-27821Shared CWE-787
CVE-2026-0116Shared CWE-787
CVE-2025-25742Shared CWE-787
CVE-2024-57704Shared CWE-787
CVE-2025-26508Shared CWE-787
CVE-2025-29031Shared CWE-787
CVE-2024-11345Shared CWE-787
CVE-2025-62818Shared CWE-787
CVE-2019-25614Shared CWE-787

References