Cyber Resilience

CVE-2018-25255

High · Public PoC

Published: 04 April 2026

Modified: 16 April 2026
KEV Added:
Patch:
CVSS Score v4: 8.6 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0019 (8.2th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2018-25255 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in 10 Strike (inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks at the 8.2th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2018-25255 is a local buffer overflow in 10-Strike LANState version 8.8 that overwrites the structured exception handling (SEH) chain. The flaw is in the software's handling of LSM map files: a specially crafted file carrying a malicious payload in the ObjCaption parameter overflows the buffer, overwrites the SEH chain, and leads to arbitrary code execution when the file is opened in the application. It is classified under CWE-787 (Out-of-bounds Write) with a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Local attackers can exploit this vulnerability without requiring privileges by creating a malicious LSM file and tricking a user into opening it within 10-Strike LANState 8.8. Successful exploitation allows the attacker to execute arbitrary shellcode, potentially gaining full control over the affected system with high confidentiality, integrity, and availability impacts.

Advisories and related resources include a VulnCheck advisory detailing the SEH buffer overflow, an Exploit-DB entry (45086) with a proof-of-concept exploit, and vendor pages for 10-Strike LANState downloads and products. No specific patch details are outlined in the provided references.

A public exploit is available on Exploit-DB, indicating potential for real-world local exploitation on unpatched systems running the affected version.

EU & UK References

Vulnerability details

10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attackers can create a specially formatted LSM file with a payload in the ObjCaption parameter that overflows the buffer, overwrites the SEH chain, and executes shellcode when the file is opened in the application.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Malicious LSM file opened by user triggers SEH buffer overflow and arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-33144 (Shared CWE-787)
CVE-2025-24451 (Shared CWE-787)
CVE-2025-24441 (Shared CWE-787)
CVE-2025-23396 (Shared CWE-787)
CVE-2019-25604 (Shared CWE-787)
CVE-2026-21312 (Shared CWE-787)
CVE-2026-23715 (Shared CWE-787)
CVE-2025-21138 (Shared CWE-787)
CVE-2026-0957 (Shared CWE-787)
CVE-2025-24442 (Shared CWE-787)

Affected Assets

10 Strike
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-2 requires timely flaw remediation, directly addressing the known buffer overflow vulnerability in 10-Strike LANState by applying vendor patches or updates.

prevent

SI-10 mandates information input validation at file parsing points, preventing the buffer overflow from malicious ObjCaption payloads in LSM files.

prevent

SI-16 implements memory protection mechanisms like ASLR and DEP that mitigate SEH chain overwrites and arbitrary code execution from buffer overflows.
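
A pre-open screen for LSM files that applies the SI-10 idea to the ObjCaption field, as an added example (not code from the vendor, the advisories, or this page). It assumes LSM files store captions as INI-style `ObjCaption=<value>` lines; the 128-byte ceiling, the section and key names in the samples, and the sample inputs themselves are constructed, since the page gives no buffer size or file layout.

```python
import re
import sys

# Assumption: policy ceiling for a map-object caption; the page gives no buffer size.
MAX_CAPTION_BYTES = 128
# Assumption: LSM map files store captions as INI-style "ObjCaption=<value>" lines.
CAPTION_RE = re.compile(rb"^\s*ObjCaption\s*=(.*)$", re.IGNORECASE)


def check_lsm(data: bytes, max_len: int = MAX_CAPTION_BYTES) -> list:
    """Return (line_no, length, reason) for every suspicious ObjCaption value."""
    findings = []
    for line_no, raw in enumerate(data.splitlines(), start=1):
        match = CAPTION_RE.match(raw)
        if not match:
            continue
        value = match.group(1).strip()
        if len(value) > max_len:
            findings.append((line_no, len(value), "caption exceeds length limit"))
        elif any(b < 0x20 or b == 0x7F for b in value):
            # High bytes (>= 0x80) are allowed: captions may use a local code page.
            findings.append((line_no, len(value), "caption contains control bytes"))
    return findings


def scan_file(path: str) -> list:
    """Read a file as raw bytes (no decoding) and screen its captions."""
    with open(path, "rb") as fh:
        return check_lsm(fh.read())


# Constructed sample inputs (not taken from a real map file or from any exploit).
BENIGN = b"[OBJ_1]\r\nObjCaption=Core switch\r\nObjType=1\r\n"
OVERSIZED = b"[OBJ_1]\r\nObjCaption=" + b"A" * 4000 + b"\r\n"

if __name__ == "__main__":
    # Usage: python check_lsm.py map1.lsm map2.lsm ...
    flagged = False
    for path in sys.argv[1:]:
        for line_no, length, reason in scan_file(path):
            flagged = True
            print(f"{path}:{line_no}: {reason} ({length} bytes)")
    sys.exit(1 if flagged else 0)
```

A check like this fits at a mail or file-share gateway or as a wrapper before the application opens a map; it complements, and does not replace, the SI-2 and SI-16 controls above.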

References