Cyber Resilience

CVE-2018-25225

High · Public PoC

Published: 28 March 2026
Modified: 08 April 2026
KEV Added
Patch
CVSS Score (v4): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0019 (9.2nd percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2018-25225 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Sipp Project Sipp. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). EPSS ranks it at the 9.2nd percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2018-25225 is a stack-based buffer overflow vulnerability in SIPP version 3.3. The flaw arises when the software processes a configuration file, where attackers can supply oversized values that overflow a stack buffer, enabling overwrite of the return address.

Local unauthenticated attackers can exploit this vulnerability by crafting and providing a malicious configuration file to SIPP. Successful exploitation allows execution of arbitrary code through return-oriented programming gadgets, granting high-impact control over confidentiality, integrity, and availability. The CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) underscores its severity for local access scenarios with low complexity and no privileges required.

References include the official SIPP SourceForge page, an Exploit-DB entry (45288) demonstrating the exploit, and a Vulncheck advisory on the stack-based buffer overflow via configuration file. The CVE was published on 2026-03-28.

Vulnerability details

SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer, overwriting the return address and executing arbitrary code through return-oriented programming gadgets.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

T1204.002 Malicious File (tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.

Why these techniques?

Buffer overflow in SIPP triggered by malicious config file directly enables client-side exploitation for arbitrary code execution (T1203) via a crafted local file (T1204.002).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-53378 (shared CWE-306)
CVE-2018-25224 (shared CWE-306)
CVE-2026-4810 (shared CWE-306)
CVE-2025-59695 (shared CWE-306)
CVE-2025-25224 (shared CWE-306)
CVE-2023-53968 (shared CWE-306)
CVE-2026-27843 (shared CWE-306)
CVE-2025-13030 (shared CWE-306)
CVE-2026-34731 (shared CWE-306)
CVE-2025-53847 (shared CWE-306)

Affected Assets

sipp project · sipp · 3.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: SI-10 mandates validation of configuration file inputs to reject oversized values that trigger the stack buffer overflow in SIPP.

Prevent: SI-16 enforces memory protections like stack canaries and ASLR to block exploitation of stack buffer overflows via return address overwrites.

Prevent: SI-2 requires timely patching of the known stack-based buffer overflow flaw in SIPP 3.3 to eliminate the vulnerability.
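The following is an added illustration of the flaw class described in the analysis above and of the SI-10 control: a config loader that copies "key=value" values into fixed-size buffers. It is not SIPP's code; the `struct options` fields, the option names `remote_host` and `scenario`, the 32-byte limit and the sample config are all constructed for the example. The unchecked copy is shown only for contrast; the checked loader rejects any over-long value before it touches the buffer and counts the rejected lines so startup can be aborted.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size option storage, modelled on the flaw class the record
 * describes (oversized config values overflowing a fixed buffer). These are not
 * SIPP's real data structures or option names. */
#define OPT_MAX 32

struct options {
    char remote_host[OPT_MAX];
    char scenario[OPT_MAX];
};

/* Vulnerable pattern: unbounded copy of a config value into a fixed-size buffer.
 * A value of OPT_MAX bytes or more writes past the end of dst. Kept only for
 * contrast; nothing below calls it with untrusted-length input. */
static void set_option_unchecked(char *dst, const char *value)
{
    strcpy(dst, value); /* no length check: this is the defect */
}

/* Hardened pattern (SI-10 input validation): refuse over-long values before any
 * copy, and copy with an explicit bound so dst is always NUL-terminated. */
static int set_option_checked(char *dst, size_t dst_sz, const char *value)
{
    size_t n = strlen(value);
    if (n >= dst_sz)      /* must leave room for the terminating NUL */
        return -1;        /* caller treats this as a fatal config error */
    memcpy(dst, value, n + 1);
    return 0;
}

/* Parse one "key=value" line (modified in place). Returns 0 on success,
 * -1 for a malformed line, an unknown key, or an over-long value. */
static int apply_config_line(struct options *o, char *line)
{
    if (line[0] == '\0')
        return 0;         /* blank line: nothing to do */
    char *eq = strchr(line, '=');
    if (eq == NULL)
        return -1;
    *eq = '\0';
    const char *key = line;
    const char *value = eq + 1;

    if (strcmp(key, "remote_host") == 0)
        return set_option_checked(o->remote_host, sizeof o->remote_host, value);
    if (strcmp(key, "scenario") == 0)
        return set_option_checked(o->scenario, sizeof o->scenario, value);
    return -1;            /* unknown key: rejected rather than silently ignored */
}

/* Apply a whole in-memory config (lines separated by '\n'). Returns the number
 * of rejected lines; a hardened loader aborts startup when this is non-zero
 * instead of running with partially applied settings. */
static int load_config(struct options *o, const char *text)
{
    char line[256];
    int rejected = 0;
    const char *p = text;

    while (*p != '\0') {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len >= sizeof line) {
            rejected++;   /* over-long line: never copied anywhere */
        } else {
            memcpy(line, p, len);
            line[len] = '\0';
            if (apply_config_line(o, line) != 0)
                rejected++;
        }
        p = nl ? nl + 1 : p + len;
    }
    return rejected;
}

/* Constructed sample config: two valid lines and one 40-byte value that would
 * overflow a 32-byte buffer under the unchecked copy. */
static const char SAMPLE_CONFIG[] =
    "remote_host=192.0.2.10\n"
    "scenario=uac\n"
    "scenario=" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "\n";

int main(void)
{
    struct options o;
    char scratch[OPT_MAX];
    memset(&o, 0, sizeof o);
    set_option_unchecked(scratch, "uac");   /* only "safe" because the value is short */
    int rejected = load_config(&o, SAMPLE_CONFIG);
    printf("rejected lines: %d\n", rejected);
    printf("remote_host=%s scenario=%s\n", o.remote_host, o.scenario);
    return rejected == 0 ? 0 : 1;
}
```

The loader keeps the first valid `scenario` value and rejects the oversized one, so the process fails closed with a non-zero return instead of running on a corrupted stack; SI-16 controls (stack canaries, ASLR) are the second layer for the case where such a check is missing.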

References