Cyber Resilience

CVE-2018-25251

HighPublic PoC

Published: 04 April 2026

Published
04 April 2026
Modified
16 April 2026
KEV Added
Patch
CVSS Score v4 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0019 8.2th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2018-25251 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Sourceforge (inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 8.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2018-25251 is a buffer overflow vulnerability (CWE-787) affecting Snes9K version 0.0.9z, a Super Nintendo emulator. The flaw resides in the Netplay Socket Port Number field, where input processing fails to adequately bound checks, enabling a structured exception handler (SEH) overwrite. This issue was published on 2026-04-04 and carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting high confidentiality, integrity, and availability impacts.

Local attackers can exploit the vulnerability by crafting a malicious payload and pasting it directly into the Socket Port Number field via the Netplay Options menu. Successful exploitation triggers SEH chain overwrite, allowing arbitrary code execution on the target system with the privileges of the Snes9K process, which requires no special permissions.

Advisories and related resources, including a Vulncheck advisory on the Snes9K 0.0.9z buffer overflow SEH via Netplay Socket, an Exploit-DB entry (45598) with a proof-of-concept, and the Snes9K project page and latest download on SourceForge, document the issue but do not specify patches or mitigations in the provided details.

A public exploit is available on Exploit-DB, indicating active proof-of-concept exploitation potential for unpatched instances of this legacy emulator.

EU & UK References

Vulnerability details

Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Socket Port Number…

more

field via the Netplay Options menu to achieve code execution through SEH chain exploitation.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Local buffer overflow with SEH overwrite directly enables arbitrary code execution in a client application (emulator), matching Exploitation for Client Execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2019-25705Shared CWE-787
CVE-2019-25633Shared CWE-787
CVE-2026-0538Shared CWE-787
CVE-2016-20046Shared CWE-787
CVE-2019-25628Shared CWE-787
CVE-2019-25695Shared CWE-787
CVE-2018-25218Shared CWE-787
CVE-2026-42484Shared CWE-787
CVE-2019-25612Shared CWE-787
CVE-2025-43300Shared CWE-787

Affected Assets

Sourceforge
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of user inputs to the Netplay Socket Port Number field to prevent buffer overflows from malicious payloads.

prevent

Implements memory protections such as DEP and ASLR to block SEH chain overwrite exploitation even if invalid input reaches the buffer.

prevent

Mandates timely remediation of the known buffer overflow flaw in Snes9K 0.0.9z, such as patching or upgrading the emulator.

References