Cyber Resilience

CVE-2018-25315

High · Public PoC

Published: 29 April 2026

Modified: 29 April 2026
KEV Added
Patch
CVSS Score v4: 8.6 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0016 (5.8th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2018-25315 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Alloksoft Video (inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 5.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2018-25315 is a buffer overflow vulnerability affecting Alloksoft Video Joiner version 4.6.1217. The issue arises when the application processes a malicious string supplied in the License Name field during license registration, enabling attackers to overwrite the structured exception handler (SEH) and inject shellcode for arbitrary code execution. Classified under CWE-120, it carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Local attackers can exploit this vulnerability without privileges, requiring low attack complexity and no user interaction. By crafting a payload targeting the License Name input, they achieve full arbitrary code execution on the affected system, potentially compromising confidentiality, integrity, and availability with high impact.

Advisories and references, including a VulnCheck advisory on the buffer overflow via License Name and an Exploit-DB entry (44364) with a proof-of-concept exploit, document the issue but provide no details on patches or vendor mitigations. Vendor pages at alloksoft.com and alloksoft.com/joiner.htm describe the product without addressing the vulnerability.

Vulnerability details

Alloksoft Video Joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with structured exception handler (SEH) overwrite and shellcode to achieve code execution when the application processes the license registration input.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Buffer overflow with SEH overwrite directly enables local arbitrary code execution via crafted input, mapping to exploitation techniques for privilege escalation and client execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2018-25307 (Shared CWE-120)
CVE-2024-57510 (Shared CWE-120)
CVE-2025-52908 (Shared CWE-120)
CVE-2026-25277 (Shared CWE-120)
CVE-2018-25299 (Shared CWE-120)
CVE-2026-1679 (Shared CWE-120)
CVE-2026-28925 (Shared CWE-120)
CVE-2020-37028 (Shared CWE-120)
CVE-2020-37010 (Shared CWE-120)
CVE-2025-27832 (Shared CWE-120)

Affected Assets

Alloksoft Video (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent · detect

Directly mandates identification via vulnerability scanning and timely remediation of flaws like the CVE-2018-25315 buffer overflow in Alloksoft Video Joiner to prevent exploitation.

prevent

Requires validation of information inputs such as the License Name field to block malicious strings causing buffer overflows and SEH overwrite.

prevent

Implements memory protections like ASLR and DEP to prevent successful SEH overwrite and shellcode execution from the buffer overflow vulnerability.
