Cyber Resilience

CVE-2018-25223

Critical · Public PoC

Published: 28 March 2026
Modified: 02 April 2026
KEV Added:
Patch:
CVSS Score v4: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0088 (54.5th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2018-25223 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Ftnapps Crashmail II. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 45.5% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2018-25223 is a stack-based buffer overflow vulnerability (CWE-787) affecting Crashmail 1.6, an application for handling FTN (FidoNet Technology Network) mail. The flaw occurs when the application processes malicious input, leading to a buffer overflow that can be exploited for arbitrary code execution. Published on 2026-03-28 with a CVSS v3.1 score of 9.8 (Critical), it enables network-accessible attacks with low complexity, no privileges or user interaction required.

Remote attackers can exploit this vulnerability by sending crafted payloads containing ROP (Return-Oriented Programming) chains to the Crashmail 1.6 application over the network. Successful exploitation achieves arbitrary code execution within the application's context, granting high confidentiality, integrity, and availability impacts. Failed exploitation attempts may result in denial of service by crashing the application.

Advisories and related resources, including exploit details, are available at references such as http://exploitpack.com, http://ftnapps.sourceforge.net/crashmail.html, https://www.exploit-db.com/exploits/44331, and https://www.vulncheck.com/advisories/crashmail-stack-based-buffer-overflow-remote-code-execution. No specific patches or mitigation steps are detailed in the provided information.

A public proof-of-concept exploit is hosted on Exploit-DB (exploit 44331), indicating potential for real-world exploitation against unpatched Crashmail 1.6 instances.

Vulnerability details

Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending malicious input to the application. Attackers can craft payloads with ROP chains to achieve code execution in the application context, with failed attempts potentially causing denial of service.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

CVE-2018-25223 is a remote buffer overflow in a network-facing application (Crashmail), enabling unauthenticated arbitrary code execution, directly mapping to exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-27807 (Shared CWE-787)
CVE-2024-48856 (Shared CWE-787)
CVE-2025-14234 (Shared CWE-787)
CVE-2018-25154 (Shared CWE-787)
CVE-2024-57704 (Shared CWE-787)
CVE-2025-29384 (Shared CWE-787)
CVE-2024-12648 (Shared CWE-787)
CVE-2025-30276 (Shared CWE-787)
CVE-2025-25746 (Shared CWE-787)
CVE-2025-25742 (Shared CWE-787)

Affected Assets

ftnapps crashmail ii ≤ 1.6

Mitigating Controls (NIST 800-53 r5) (AI)

prevent: Directly addresses the CVE by requiring identification, reporting, and patching of the stack-based buffer overflow flaw in Crashmail 1.6.

prevent: Prevents exploitation by validating malicious network inputs that trigger the buffer overflow in Crashmail 1.6.

prevent: Mitigates ROP chain exploitation of the stack buffer overflow through memory protections like stack canaries, ASLR, and DEP.
