CVE-2018-25224

HIGH CVSS 8.4 View on NVD ↗

Description

PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack buffer and execute shell commands via return-oriented programming gadgets.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

https://pms.sourceforge.net
https://www.exploit-db.com/exploits/44426
https://www.vulncheck.com/advisories/pms-stack-based-buffer-overflow-via-configuration-file

Published: Mar 28, 2026 12:16 UTC Modified: Mar 28, 2026 12:16 UTC