Cyber Resilience

CVE-2018-25383

High · Public PoC

Published: 29 May 2026

Modified: 29 May 2026
KEV Added: -
Patch: -
CVSS Score v4: 8.6
CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0018 (7.9th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2018-25383 is a high-severity stack-based buffer overflow (CWE-121) vulnerability. The affected asset is listed as Commentcamarche, which is inferred from references; the vulnerability description names Free MP3 CD Ripper 2.8 as the affected product. Its CVSS base score is 8.6 (High).

Operationally, it ranks at the 7.9th percentile by exploit likelihood (EPSS), which is below the median. It is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vulnerability in WMA file processing that allows local attackers to bypass DEP protection via structured exception handling manipulation. Attackers can craft a malicious WMA file that triggers the overflow when loaded through the Convert function, enabling execution of arbitrary code through ROP chain gadgets and shellcode injection.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Commentcamarche
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References