CVE-2018-25265
Published: 22 April 2026
Summary
CVE-2018-25265 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Lizardsystems Lanspy. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 10.5th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2018-25265 is a local buffer overflow vulnerability (CWE-787) affecting LanSpy version 2.0.1.159 in its scan section. The flaw enables local attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can craft malicious payloads incorporating egghunter techniques to locate shellcode, followed by SEH chain manipulation and controlled jumps to trigger execution. The vulnerability carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-04-22.
Local attackers with access to the system can exploit this vulnerability without requiring privileges (PR:N) or user interaction (UI:N). By sending a specially crafted input to the scan section, they trigger the buffer overflow, overwrite the SEH chain, and achieve arbitrary code execution with high confidentiality, integrity, and availability impacts.
Advisories and references, including the vendor site at https://lizardsystems.com, a proof-of-concept exploit at https://www.exploit-db.com/exploits/46018, and a VulnCheck advisory at https://www.vulncheck.com/advisories/lanspy-local-buffer-overflow, document the issue and exploitation details but do not specify mitigations or patches in the available information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-21780
Vulnerability details
LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious payloads using egghunter techniques to locate and execute shellcode, triggering code execution through SEH chain manipulation and controlled jumps.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local buffer overflow with SEH overwrite directly enables arbitrary code execution by an unprivileged local attacker, mapping to exploitation for privilege escalation.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly prevents buffer overflows by validating the format, length, and content of inputs to the scan section, blocking specially crafted payloads.
- SI-16 (Memory Protection): Enforces memory protections such as ASLR, DEP, and stack canaries that disrupt SEH chain overwrites and egghunter shellcode execution in buffer overflow exploits.
- SI-2 (Flaw Remediation): Mandates timely flaw remediation, including patching or replacing LanSpy to eliminate the specific buffer overflow vulnerability.