Cyber Resilience

CVE-2018-25427

CriticalPublic PoC

Published: 01 June 2026

Published
01 June 2026
Modified
02 June 2026
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0092 56.0th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2018-25427 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Armcode (inferred from references). Its CVSS base score is 9.3 (Critical).

Operationally, ranked in the top 44.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite…

more

the structured exception handler and gain command execution when the application processes the input.

CWE(s)

Related Threats

CVEs Like This One

CVE-2025-70083Shared CWE-121
CVE-2026-38422Shared CWE-121
CVE-2025-54485Shared CWE-121
CVE-2025-11783Shared CWE-121
CVE-2025-29149Shared CWE-121
CVE-2025-15273Shared CWE-121
CVE-2025-54491Shared CWE-121
CVE-2025-70656Shared CWE-121
CVE-2025-70304Shared CWE-121
CVE-2025-71023Shared CWE-121

Affected Assets

Armcode
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References