CVE-2018-25225
Published: 28 March 2026
Summary
CVE-2018-25225 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Sipp Project Sipp. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). It ranks at the 9.2th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2018-25225 is a stack-based buffer overflow vulnerability in SIPP version 3.3. The flaw arises when the software processes a configuration file, where attackers can supply oversized values that overflow a stack buffer, enabling overwrite of the return address.
Local unauthenticated attackers can exploit this vulnerability by crafting and providing a malicious configuration file to SIPP. Successful exploitation allows execution of arbitrary code through return-oriented programming gadgets, granting high-impact control over confidentiality, integrity, and availability. The CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) underscores its severity for local access scenarios with low complexity and no privileges required.
References include the official SIPP SourceForge page, an Exploit-DB entry (45288) demonstrating the exploit, and a Vulncheck advisory on the stack-based buffer overflow via configuration file. The CVE was published on 2026-03-28.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-21708
Vulnerability details
SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer, overwriting the return address and executing arbitrary code through return-oriented programming gadgets.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow in SIPP triggered by malicious config file directly enables client-side exploitation for arbitrary code execution (T1203) via a crafted local file (T1204.002).
Mitigating Controls (NIST 800-53 r5)
SI-10 mandates validation of configuration file inputs to reject oversized values that trigger the stack buffer overflow in SIPP.
SI-16 enforces memory protections like stack canaries and ASLR to block exploitation of stack buffer overflows via return address overwrites.
SI-2 requires timely patching of the known stack-based buffer overflow flaw in SIPP 3.3 to eliminate the vulnerability.
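As an added illustration of the SI-10 control above (not SIPp's own code; the size limits, key names and sample lines are hypothetical), a small C parser that checks the length of every key=value record before copying it into fixed-size buffers, and reports how many records a loader would have to reject:

```c
#include <string.h>

/* Hypothetical limits for illustration; SIPP's real buffer sizes are not on the page. */
#define KEY_MAX   32
#define VALUE_MAX 64
enum cfg_status { CFG_OK = 0, CFG_BAD_FORMAT, CFG_KEY_TOO_LONG, CFG_VALUE_TOO_LONG };
struct cfg_entry { char key[KEY_MAX]; char value[VALUE_MAX]; };

/* Parse one "key=value" record of exactly `len` bytes. Both lengths are checked
 * before any byte is copied, so an oversized value yields an error code instead
 * of running past the fixed-size buffers (the input validation SI-10 asks for). */
enum cfg_status parse_config_line(const char *line, size_t len, struct cfg_entry *out)
{
    const char *eq = memchr(line, '=', len);
    if (eq == NULL || eq == line)
        return CFG_BAD_FORMAT;
    size_t key_len = (size_t)(eq - line);
    size_t val_len = len - key_len - 1;   /* bytes after '=' */
    if (key_len >= KEY_MAX)               /* leave room for the NUL terminator */
        return CFG_KEY_TOO_LONG;
    if (val_len >= VALUE_MAX)
        return CFG_VALUE_TOO_LONG;
    memcpy(out->key, line, key_len);     out->key[key_len] = '\0';
    memcpy(out->value, eq + 1, val_len); out->value[val_len] = '\0';
    return CFG_OK;
}

/* Convenience wrapper for NUL-terminated lines; returns the status as an int. */
int parse_status(const char *line)
{ struct cfg_entry e; return (int)parse_config_line(line, strlen(line), &e); }

/* Walk a whole config buffer and count rejected records; a loader should
 * refuse the file when this is non-zero rather than silently skip bad lines. */
int count_rejected_lines(const char *cfg)
{
    int rejected = 0; struct cfg_entry e;
    const char *p = cfg;
    while (*p != '\0') {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len > 0 && parse_config_line(p, len, &e) != CFG_OK)
            rejected++;
        p = nl ? nl + 1 : p + len;
    }
    return rejected;
}

/* Constructed sample: two valid lines, one with no '=', one with a 70-byte value. */
#define TEN_AS "AAAAAAAAAA"
#define SEVENTY_AS TEN_AS TEN_AS TEN_AS TEN_AS TEN_AS TEN_AS TEN_AS
static const char SAMPLE_CFG[] = "scenario=uac\nport=5060\nnolimit\ntransport=" SEVENTY_AS "\n";
```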