CVE-2018-25108

High

Published: 16 January 2025

Published

16 January 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0118 78.9th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

An unauthenticated remote attacker can cause a DoS in the controller due to uncontrolled resource consumption.

Security Summary

CVE-2018-25108 is a vulnerability characterized by uncontrolled resource consumption (CWE-770), enabling an unauthenticated remote attacker to cause a Denial of Service (DoS) condition in the controller. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its impact on availability. It was published on 2025-01-16.

An unauthenticated attacker with network access can exploit this vulnerability with low complexity and no privileges or user interaction required. Successful exploitation results in significant resource exhaustion, leading to a DoS that disrupts the controller's functionality.

The advisory at https://cert.vde.com/en/advisories/VDE-2018-013 provides details on mitigation strategies for this vulnerability.

Details

CWE(s): CWE-770

References

https://cert.vde.com/en/advisories/VDE-2018-013
info@cert.vde.com