CVE-2018-25272
Published: 22 April 2026
Summary
CVE-2018-25272 is a critical-severity Inadequate Encryption Strength (CWE-326) vulnerability in Elba (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 27.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and IA-5 (Authenticator Management).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Timely remediation of the known flaw in ELBA5 5.8.0 directly prevents remote code execution exploitation.
Prohibiting default connector credentials blocks the initial unauthenticated database access required for the attack chain.
Restricting least functionality by disabling xp_cmdshell and unnecessary database procedures prevents arbitrary command execution with SYSTEM privileges.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated remote exploitation of database service using default connector credentials and password decryption flaw enables initial access (T1190), credential collection (T1212), and privilege escalation to SYSTEM for arbitrary command execution (T1068).
NVD Description
ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands…
more
via the xp_cmdshell stored procedure or add backdoor users to the BEDIENER table.
Deeper analysisAI
CVE-2018-25272 is a remote code execution vulnerability affecting ELBA5 version 5.8.0. The flaw enables attackers to obtain database credentials and execute arbitrary commands with SYSTEM-level permissions by connecting to the database using default connector credentials, decrypting the DBA password, and leveraging mechanisms such as the xp_cmdshell stored procedure or adding backdoor users to the BEDIENER table. It is associated with CWE-326 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity.
Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. Successful exploitation grants full control over the system, including arbitrary command execution at the highest privilege level, potentially leading to complete compromise of the affected ELBA5 instance and its underlying database.
Advisories and references, including those from VulnCheck detailing the remote code execution via database access, the vendor site at elba.at, and a proof-of-concept exploit on Exploit-DB (45905), provide further technical details. Practitioners should consult these for patch availability or mitigation guidance specific to ELBA5 deployments.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Other AI Platforms
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: backdoor