CVE-2018-25259
Published: 22 April 2026
Summary
CVE-2018-25259 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Lizardsystems Terminal Services Manager. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 8.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
Terminal Services Manager 3.1 is affected by CVE-2018-25259, a stack-based buffer overflow vulnerability in the computer names field. This flaw allows local attackers to execute arbitrary code by triggering structured exception handling (SEH). Specifically, attackers can craft a malicious input file containing shellcode and jump instructions that overwrite the SEH handler pointer, leading to code execution when the file is imported through the add computers wizard.
Local unprivileged attackers (AV:L/PR:N) can exploit this vulnerability with low complexity and no user interaction (AC:L/UI:N), with high confidentiality, integrity, and availability impact (C:H/I:H/A:H), for a CVSS 3.1 score of 8.4. By preparing a specially crafted input file, an attacker can execute payloads such as calc.exe or other arbitrary code upon import, potentially leading to full system compromise from a local access position.
Advisories and proof-of-concept exploits for this vulnerability are documented in references including the vendor site at https://lizardsystems.com, Exploit-DB at https://www.exploit-db.com/exploits/46058, and VulnCheck at https://www.vulncheck.com/advisories/terminal-services-manager-buffer-overflow-seh. No specific patch or mitigation details are outlined in the available information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-21772
Vulnerability details
Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious input file with shellcode and jump instructions that overwrite the SEH handler pointer to execute calc.exe or other payloads when imported through the add computers wizard.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Stack-based buffer overflow with SEH overwrite in local file import directly enables arbitrary code execution from unprivileged local access, mapping to exploitation for privilege escalation.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
SI-2 mandates identification, prioritization, and remediation of flaws like the buffer overflow in CVE-2018-25259, directly preventing exploitation through patching or removal.
SI-16 enforces memory protections such as stack canaries, ASLR, and DEP that block arbitrary code execution from SEH overwrites in stack-based buffer overflows.
SI-10 requires validation of information inputs like the computer names field in imported files, preventing buffer overflows from oversized or malformed data.
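A pre-import check in the spirit of SI-10, as an added example (not code from the vendor or from this page): it audits a file of computer names before it is handed to the add computers wizard. It assumes one computer name per line, which the page does not specify; `check_name` and `audit_import` are hypothetical names.

```python
from __future__ import annotations
import re

# Assumption: the import file holds one computer name per line; the page
# does not document the real format. Limits follow DNS host name rules.
MAX_NAME_LEN = 253          # longest valid DNS host name
MAX_LABEL_LEN = 63          # longest valid DNS label
LABEL_RE = re.compile(rb"^[A-Za-z0-9_]([A-Za-z0-9_-]*[A-Za-z0-9_])?$")


def check_name(raw: bytes) -> str | None:
    """Return a rejection reason for one name, or None if it is acceptable."""
    if not raw:
        return "empty name"
    if len(raw) > MAX_NAME_LEN:
        return f"name is {len(raw)} bytes, limit is {MAX_NAME_LEN}"
    if any(b < 0x21 or b > 0x7E for b in raw):
        return "non-printable or non-ASCII byte"
    for label in raw.rstrip(b".").split(b"."):
        if len(label) > MAX_LABEL_LEN:
            return f"label is {len(label)} bytes, limit is {MAX_LABEL_LEN}"
        if not LABEL_RE.match(label):
            return "label contains characters not valid in a host name"
    return None


def audit_import(data: bytes) -> list[tuple[int, str]]:
    """Return (line number, reason) for every line that should block import."""
    findings = []
    for lineno, line in enumerate(data.splitlines(), start=1):
        name = line.strip(b" \t")
        if not name:
            continue            # blank lines carry no name
        reason = check_name(name)
        if reason:
            findings.append((lineno, reason))
    return findings


# Constructed sample input: two ordinary names, one oversized, one binary.
SAMPLE = b"ts-host01\r\nrdp.corp.example\r\n" + b"x" * 400 + b"\r\nsrv\x00\xff\x01\r\n"

if __name__ == "__main__":
    for lineno, reason in audit_import(SAMPLE):
        print(f"line {lineno}: rejected ({reason})")
```

A file with any finding should not be imported. This is an operational check around the application and does not replace a fix in the application itself.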