Zero Day Monitor (ZDM)
8.4
CVE-2018-25225 · EXPLOITED
null · sipp

SIPP 3.3 Stack-Based Buffer Overflow via Configuration File

Description

SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer, overwriting the return address and executing arbitrary code through return-oriented programming gadgets.

Affected Products

Vendor | Product | Versions
null | sipp | 3.3

References

  • https://www.exploit-db.com/exploits/45288 (exploit)
  • http://sipp.sourceforge.net/ (product)
  • https://www.vulncheck.com/advisories/sipp-stack-based-buffer-overflow-via-configuration-file (third-party-advisory)

Related News (1 articles)

Tier C
VulDB · 2d ago
CVE-2018-25225 | SIPP 3.3 Configuration File missing authentication (Exploit 45288 / EUVD-2018-21708)
→ No new info (linked only)
CVSS 3.1: 8.4 NONE
CISA KEV: ❌ No
Actively exploited: ✅ Yes
CWE: CWE-306
Published: Mar 28, 2026
Last enriched: 2d ago · v2
Trending Score: 37
Source articles: 1
Independent: 1
Info Completeness: 9/14
Missing: epss, kev, patch, iocs, mitre_attack

Related CVEs (5)

HIGH · CVE-2026-34070 · EXP
LangChain Core has Path Traversal vulnerabilities in legacy `load_prompt` functions
Trending: 38
CRITICAL · CVE-2026-28505 · EXP
Tautulli: RCE via eval() sandbox bypass using lambda nested scope to escape co_names whitelist check
Trending: 33
CRITICAL · CVE-2026-31799
Tautulli: SQL Injection in get_home_stats API endpoint via unsanitised filter parameters
Trending: 31
MEDIUM · CVE-2026-34040 · EXP
Moby has AuthZ plugin bypass when provided oversized request bodies
Trending: 28
HIGH · CVE-2026-33533
Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard
Trending: 27

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

Mar 28, 2026 · CVE Published
Mar 28, 2026 · Discovered by ZDM
Mar 28, 2026 · Updated: severity, exploitAvailable, activelyExploited
Mar 30, 2026 · Actively Exploited
Mar 30, 2026 · Exploit Available

Version History

v2
Last enriched 2d ago
v2 · Tier C · 2d ago

Updated vendor to SIPP, changed severity to CRITICAL, and marked exploit as available and actively exploited.

severity, exploitAvailable, activelyExploited
via VulDB
v1 · 2d ago

Initial creation