CVE-2018-25225 in SIPP
Summary
SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer, overwriting the return address and executing arbitrary code through return-oriented programming gadgets.
Responsible
VulnCheck
Reservation
03/28/2026
Disclosure
03/28/2026
Entries
| Published | Base | Temp | Vulnerability | CWE | Prod | Exp | Cou | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 03/28/2026 | 6.8 | 6.6 | SIPP Configuration File missing authentication | 306 | Unknown | Proof-of-Concept | Not defined | 0.00016 | 2.44 | CVE-2018-25225 |