Cyber Resilience

CVE-2018-25257

High · Public PoC

Published: 12 April 2026

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v4: 7.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0003 (10.2th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2018-25257 is a high-severity SQL Injection (CWE-89) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 10.2th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2018-25257 is an SQL injection vulnerability (CWE-89) affecting Adianti Framework versions 5.5.0 and 5.6.0. The flaw exists in the SystemProfileForm component, where the name field in the profile edit endpoint fails to properly sanitize user input, allowing authenticated users to inject malicious SQL code into database queries. The vulnerability has a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N), indicating high confidentiality impact with low integrity impact and no availability disruption.

An attacker with low-privilege authenticated access can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By submitting crafted SQL statements through the vulnerable name field, the attacker can manipulate database queries to modify user credentials, such as elevating their own account to administrative privileges and potentially extracting sensitive data.

Advisories and related resources, including a proof-of-concept exploit published on Exploit-DB (https://www.exploit-db.com/exploits/46217) and a detailed advisory from Vulncheck (https://www.vulncheck.com/advisories/adianti-framework-and-sql-injection-via-profile), document the issue but do not specify patches or mitigations in the available descriptions. Security practitioners should review these references for remediation guidance and consider upgrading to unaffected versions of the framework.

Vulnerability details

Adianti Framework 5.5.0 and 5.6.0 contain an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user credentials and gain administrative access.

Related Threats

MITRE ATT&CK Enterprise Techniques [AI]

T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1098 Account Manipulation (Persistence): Adversaries may manipulate accounts to maintain and/or elevate access to victim systems.
T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

SQL injection directly enables remote authenticated exploitation of a web framework component (T1190), resulting in unauthorized account modification/privilege escalation (T1098, T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-29206 (shared CWE-89)
CVE-2026-6476 (shared CWE-89)
CVE-2026-27470 (shared CWE-89)
CVE-2025-24669 (shared CWE-89)
CVE-2026-2751 (shared CWE-89)
CVE-2026-24908 (shared CWE-89)
CVE-2026-33539 (shared CWE-89)
CVE-2025-26200 (shared CWE-89)
CVE-2026-30711 (shared CWE-89)
CVE-2025-29893 (shared CWE-89)

Mitigating Controls (NIST 800-53 r5) [AI]

Prevent: Directly requires validation of unsanitized user inputs like the name field in SystemProfileForm to prevent SQL injection exploitation.

Prevent: Enforces restrictions on information inputs to block malicious SQL code from being accepted in the profile edit endpoint.

Prevent: Mandates identification, reporting, and correction of flaws such as this SQL injection vulnerability via patching or framework upgrades.
