Cyber Posture

CVE-2018-25223

Critical · Public PoC

Published: 28 March 2026

Modified: 02 April 2026
KEV Added:
Patch:
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0028 (51.5th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending malicious input to the application. Attackers can craft payloads with ROP chains to achieve code execution in the application context, with failed attempts potentially causing denial of service.

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly addresses the CVE by requiring identification, reporting, and patching of the stack-based buffer overflow flaw in Crashmail 1.6.

prevent

Prevents exploitation by validating malicious network inputs that trigger the buffer overflow in Crashmail 1.6.

prevent

Mitigates ROP chain exploitation of the stack buffer overflow through memory protections like stack canaries, ASLR, and DEP.

Security Summary · AI

CVE-2018-25223 is a stack-based buffer overflow vulnerability (CWE-787) affecting Crashmail 1.6, an application for handling FTN (FidoNet Technology Network) mail. The flaw occurs when the application processes malicious input, leading to a buffer overflow that can be exploited for arbitrary code execution. Published on 2026-03-28 with a CVSS v3.1 score of 9.8 (Critical), it enables network-accessible attacks with low complexity, no privileges or user interaction required.

Remote attackers can exploit this vulnerability by sending crafted payloads containing ROP (Return-Oriented Programming) chains to the Crashmail 1.6 application over the network. Successful exploitation achieves arbitrary code execution within the application's context, granting high confidentiality, integrity, and availability impacts. Failed exploitation attempts may result in denial of service by crashing the application.

Advisories and related resources, including exploit details, are available at references such as http://exploitpack.com, http://ftnapps.sourceforge.net/crashmail.html, https://www.exploit-db.com/exploits/44331, and https://www.vulncheck.com/advisories/crashmail-stack-based-buffer-overflow-remote-code-execution. No specific patches or mitigation steps are detailed in the provided information.

A public proof-of-concept exploit is hosted on Exploit-DB (exploit 44331), indicating potential for real-world exploitation against unpatched Crashmail 1.6 instances.

Details

CWE(s)

Affected Products

ftnapps · crashmail ii · ≤ 1.6

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

CVE-2018-25223 is a remote buffer overflow in a network-facing application (Crashmail), enabling unauthenticated arbitrary code execution, directly mapping to exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References