Cyber Posture

CVE-2018-25283

High · Public PoC

Published: 26 April 2026

Modified: 27 April 2026
CVSS Score: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (4.4th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2018-25283 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Securimport (inferred from references). Its CVSS base score is 8.4 (High).

Operationally, it is ranked at the 4.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly mandates timely identification, reporting, and correction of the buffer overflow flaw in iSmartViewPro, eliminating the vulnerability through patching or replacement.

prevent

Requires validation of inputs to the 'Save Path for Snapshot and Record file' field to enforce bounds checking and prevent oversized payloads from causing SEH buffer overflows.

prevent

Implements memory safeguards such as DEP, ASLR, and stack canaries to block arbitrary code execution even if the SEH buffer overflow occurs.
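
The input-validation control described above, as an added C example (not iSmartViewPro's code and not from the referenced advisories): an unchecked copy of the save-path field beside a version that rejects over-long input before copying. The struct, function names, the 260-byte buffer size (taken from the 260-byte threshold in the description) and the control-character rule are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SAVE_PATH_MAX 260   /* assumed buffer size: the 260-byte limit from the description */

struct setup_config {       /* hypothetical settings record holding the save path */
    char save_path[SAVE_PATH_MAX];
};

/* CWE-120 pattern: the field text is copied with no length check, so any
 * input of 260 bytes or more writes past the end of save_path. */
void set_save_path_unchecked(struct setup_config *cfg, const char *input) {
    strcpy(cfg->save_path, input);
}

enum path_status { PATH_OK = 0, PATH_NULL, PATH_EMPTY, PATH_TOO_LONG, PATH_BAD_CHAR };

/* Validated form: measure first, reject (never truncate) anything that does
 * not fit with its terminator, and leave the stored value untouched on error. */
enum path_status set_save_path_checked(struct setup_config *cfg, const char *input) {
    if (cfg == NULL || input == NULL) return PATH_NULL;
    /* Bounded scan: looks at no more than SAVE_PATH_MAX bytes of input. */
    const char *end = memchr(input, '\0', SAVE_PATH_MAX);
    if (end == NULL) return PATH_TOO_LONG;          /* no terminator within 260 bytes */
    size_t len = (size_t)(end - input);
    if (len == 0) return PATH_EMPTY;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)input[i];
        if (c < 0x20 || c == 0x7f) return PATH_BAD_CHAR;  /* assumed rule: no control bytes */
    }
    memcpy(cfg->save_path, input, len + 1);         /* len + 1 <= SAVE_PATH_MAX here */
    return PATH_OK;
}

int main(void) {
    struct setup_config cfg = { "" };
    char oversized[400];                            /* constructed sample input */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("normal path: %d\n", set_save_path_checked(&cfg, "C:\\Snapshots"));
    printf("399-byte path: %d\n", set_save_path_checked(&cfg, oversized));
    return 0;
}
```

Rejecting rather than truncating keeps a partially copied path from being stored, and the length check complements the memory protections listed above rather than replacing them.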

NVD Description

iSmartViewPro 1.5 contains a structured exception handling (SEH) buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary code. Attackers can input a crafted payload exceeding 260 bytes through the System Setup interface to overwrite SEH records and execute shellcode with application privileges.

Deeper analysis · AI

CVE-2018-25283 is a structured exception handling (SEH) buffer overflow vulnerability in iSmartViewPro version 1.5. The issue affects the 'Save Path for Snapshot and Record file' field accessible through the System Setup interface, where insufficient bounds checking allows an overflow when processing inputs exceeding 260 bytes. This flaw, classified under CWE-120 (Buffer Copy without Checking Size of Input), enables attackers to overwrite SEH records. Its CVSS v3.1 base score is 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Local attackers can exploit this vulnerability without privileges by supplying a crafted payload via the affected field. Successful exploitation overwrites SEH records, allowing execution of arbitrary shellcode with the privileges of the iSmartViewPro application, potentially leading to full compromise of the system running the software.

The referenced advisories at securimport.com/university/videovigilancia-ip/software/493-software-ismartviewpro-v1-5, www.exploit-db.com/exploits/45349, and www.vulncheck.com/advisories/ismartviewpro-buffer-overflow-via-savepath-parameter provide details on the vulnerability, including proof-of-concept exploits, but the available information does not specify patches or mitigations. Security practitioners should review these sources for any updates on remediation.

Details

CWE(s)

Affected Products

Securimport
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-24956: Shared CWE-120
CVE-2024-57482: Shared CWE-120
CVE-2024-57479: Shared CWE-120
CVE-2025-69807: Shared CWE-120
CVE-2019-25353: Shared CWE-120
CVE-2020-37050: Shared CWE-120
CVE-2020-37207: Shared CWE-120
CVE-2025-50670: Shared CWE-120
CVE-2024-53027: Shared CWE-120
CVE-2024-57509: Shared CWE-120

References