CVE-2018-25299
Published: 29 April 2026
Summary
CVE-2018-25299 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Mersenne (inferred from references). Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 5.8th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2018-25299 is a local buffer overflow vulnerability (CWE-120) in Prime95 version 29.4b8, a software tool used for Mersenne prime hunting and stress-testing. The flaw resides in the PrimeNet connection settings, where the optional proxy hostname field can be abused to inject a malicious payload, triggering a structured exception handling (SEH) overwrite that enables arbitrary code execution. It carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for complete system compromise.
A local attacker can exploit this vulnerability with low attack complexity and no user privileges or interaction required. By supplying a specially crafted string in the proxy hostname field, the attacker triggers the buffer overflow, hijacks SEH control flow, and executes arbitrary system commands, potentially leading to full control over the affected system including data theft, modification, or denial of service.
Advisories and references, including VulnCheck's detailed analysis of the Prime95 29.4b8 SEH overflow and an Exploit-DB proof-of-concept (ID 44649), confirm the issue without specifying patches. The official Prime95 site at mersenne.org and its download page provide access to the software, where users should check for updated versions beyond 29.4b8 to mitigate exposure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-21819
Vulnerability details
Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject malicious payload through the optional proxy hostname field in the PrimeNet connection settings to trigger the overflow and execute system commands.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local buffer overflow with SEH overwrite enables arbitrary code execution from a low-privileged context, directly mapping to exploitation for privilege escalation.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly mitigates the buffer overflow by enforcing validation of untrusted inputs like the proxy hostname field to prevent overflow conditions.
- SI-16 (Memory Protection): Implements memory protections such as DEP and ASLR that thwart SEH overwrite exploits even if a buffer overflow occurs.
- SI-2 (Flaw Remediation): Requires timely flaw remediation through patching or upgrading Prime95 beyond version 29.4b8 to eliminate the vulnerability.
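As an added illustration of the SI-10 control described above (example code written for this page, not Prime95's own code), the following C routine validates a user-supplied proxy hostname and copies it into a fixed-size field with a hard length bound, so an overlong or malformed value is rejected rather than overrunning the buffer. The buffer size and the constructed test inputs are assumptions for the example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Size of the fixed proxy-hostname field. Assumed for this example (RFC 1123
 * hostname limit of 253 plus NUL); it is not Prime95's actual buffer size. */
#define PROXY_HOST_BUF 254
#define LABEL_MAX 63

/* Validate and copy a proxy hostname into dst (dst_len bytes). Returns true on
 * success. On any failure dst is "" and nothing is ever written past
 * dst[dst_len - 1], so an overlong field cannot overrun the buffer. */
bool set_proxy_hostname(char *dst, size_t dst_len, const char *src) {
    size_t i, label = 0;

    if (dst_len == 0) return false;
    dst[0] = '\0';
    /* Single bounded pass: stop at the first NUL or once src would not fit. */
    for (i = 0; i < dst_len && src[i] != '\0'; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c == '.') {
            /* No empty labels and no label ending in '-' ("a..b", "a-.b"). */
            if (label == 0 || src[i - 1] == '-') return false;
            label = 0;
        } else if (isalnum(c) || c == '-') {
            if (label == 0 && c == '-') return false; /* label may not start with '-' */
            if (++label > LABEL_MAX) return false;
        } else {
            return false; /* outside the hostname alphabet (spaces, metacharacters) */
        }
    }
    if (i == 0 || i >= dst_len) return false; /* empty, or too long for the buffer */
    if (src[i - 1] == '-') return false;
    memcpy(dst, src, i + 1); /* i < dst_len, so the terminating NUL fits */
    return true;
}

/* Verdict-only wrapper that uses the fixed-size field. */
bool proxy_hostname_ok(const char *src) {
    char field[PROXY_HOST_BUF];
    return set_proxy_hostname(field, sizeof field, src);
}

/* Constructed sample input: `len` bytes of 'a' with a '.' at every 50th byte,
 * i.e. a long but otherwise well-formed hostname, used to probe the length bound. */
bool long_hostname_ok(size_t len) {
    char s[512];
    if (len >= sizeof s) return false;
    for (size_t k = 0; k < len; k++) s[k] = (k % 50 == 49 && k + 1 < len) ? '.' : 'a';
    s[len] = '\0';
    return proxy_hostname_ok(s);
}
```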