Cyber Resilience

CVE-2018-25307

High · Public PoC

Published: 29 April 2026

Modified: 30 April 2026
KEV Added
Patch
CVSS Score v4: 8.6 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0015 (4.6th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2018-25307 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 4.6th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

SysGauge Pro version 4.6.12 is affected by CVE-2018-25307, a local buffer overflow vulnerability in the Register function. This flaw allows local attackers to overwrite the structured exception handler (SEH) by supplying a crafted unlock key. The vulnerability, classified under CWE-120, enables attackers to inject shellcode through the Unlock Key field during the registration process, leading to arbitrary code execution with the privileges of the application. It has a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Local attackers with access to the system can exploit this vulnerability without requiring privileges or user interaction beyond providing the malicious input during registration. Successful exploitation allows attackers to execute arbitrary code, potentially compromising the application's functionality and enabling further system-level actions depending on the application's context and privileges.

Advisories, including one from VulnCheck detailing the SysGauge Pro local buffer overflow SEH vulnerability, provide technical analysis of the issue. A proof-of-concept exploit is publicly available on Exploit-DB (exploit 44455), demonstrating the SEH overwrite and shellcode injection technique. No patch information is specified in the available details.

EU & UK References

Vulnerability details

SysGauge Pro 4.6.12 contains a local buffer overflow vulnerability in the Register function that allows local attackers to overwrite the structured exception handler by supplying a crafted unlock key. Attackers can inject shellcode through the Unlock Key field during registration to execute arbitrary code with application privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

The local SEH-overwrite buffer overflow directly enables arbitrary code execution via crafted input (shellcode injection) in a client/desktop application, which maps to the exploitation primitives for client execution and local privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2018-25315 (shared CWE-120)
CVE-2024-57510 (shared CWE-120)
CVE-2025-52908 (shared CWE-120)
CVE-2026-25277 (shared CWE-120)
CVE-2018-25299 (shared CWE-120)
CVE-2026-1679 (shared CWE-120)
CVE-2026-28925 (shared CWE-120)
CVE-2020-37028 (shared CWE-120)
CVE-2020-37010 (shared CWE-120)
CVE-2025-27832 (shared CWE-120)

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Information Input Validation directly prevents buffer overflows by ensuring the Unlock Key field rejects crafted inputs exceeding buffer limits.

Prevent: Memory Protection mechanisms like stack canaries, ASLR, and DEP mitigate SEH overwrite and shellcode execution from buffer overflows.

Prevent: Flaw Remediation requires timely patching of the buffer overflow vulnerability in SysGauge Pro's Register function.

References