Cyber Resilience

CVE-2018-25283

HighPublic PoC

Published: 26 April 2026

Published
26 April 2026
Modified
27 April 2026
KEV Added
Patch
CVSS Score v4 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0015 4.3th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2018-25283 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Securimport (inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2018-25283 is a structured exception handling (SEH) buffer overflow vulnerability in iSmartViewPro version 1.5. The issue affects the 'Save Path for Snapshot and Record file' field accessible through the System Setup interface, where insufficient bounds checking allows overflow when processing inputs exceeding 260 bytes. This flaw, classified under CWE-120 (Buffer Copy without Checking Size of Input), enables attackers to overwrite SEH records, as indicated by its CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Local attackers can exploit this vulnerability without privileges by supplying a crafted payload via the affected field. Successful exploitation overwrites SEH records, allowing execution of arbitrary shellcode with the privileges of the iSmartViewPro application, potentially leading to full compromise of the system running the software.

Advisories referenced in securimport.com/university/videovigilancia-ip/software/493-software-ismartviewpro-v1-5, www.exploit-db.com/exploits/45349, and www.vulncheck.com/advisories/ismartviewpro-buffer-overflow-via-savepath-parameter provide details on the vulnerability, including proof-of-concept exploits, but do not specify patches or mitigations in the available information. Security practitioners should review these sources for any updates on remediation.

EU & UK References

Vulnerability details

iSmartViewPro 1.5 contains a structured exception handling (SEH) buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary code. Attackers can input a crafted payload exceeding 260 bytes through the…

more

System Setup interface to overwrite SEH records and execute shellcode with application privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local SEH buffer overflow enables arbitrary code execution via crafted input to the application, directly mapping to exploitation for privilege escalation or system compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2018-25299Shared CWE-120
CVE-2026-1679Shared CWE-120
CVE-2026-28925Shared CWE-120
CVE-2018-9387Shared CWE-120
CVE-2025-71263Shared CWE-120
CVE-2020-37049Shared CWE-120
CVE-2025-47388Shared CWE-120
CVE-2018-25263Shared CWE-120
CVE-2022-49754Shared CWE-120
CVE-2025-49495Shared CWE-120

Affected Assets

Securimport
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates timely identification, reporting, and correction of the buffer overflow flaw in iSmartViewPro, eliminating the vulnerability through patching or replacement.

prevent

Requires validation of inputs to the 'Save Path for Snapshot and Record file' field to enforce bounds checking and prevent oversized payloads from causing SEH buffer overflows.

prevent

Implements memory safeguards such as DEP, ASLR, and stack canaries to block arbitrary code execution even if the SEH buffer overflow occurs.

References