CVE-2018-12540

HIGH

Eclipse Vert.x 3.0.0-3.5.2 - Cross-Site Request Forgery via XSRF Token Replay


Exploitation Summary

EIP tracks 4 public exploits for CVE-2018-12540. PoCs published by dawetmaster, andikahilmy, tafamace.

AI-analyzed exploit summary: This repository contains a functional proof-of-concept for CVE-2018-12540, demonstrating the vulnerability in Vert.x Web's SockJS service proxy. The code includes examples of service registration and SockJS bridge configuration, which can be used to exploit the vulnerability.

Description

In versions 3.0.0 through 3.5.2 of Eclipse Vert.x, the CSRFHandler does not assert that the XSRF cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens that have not yet expired.

Exploits (4)

nomisec WORKING POC
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2018-12540-vertx-web-vulnerable

This repository contains a functional proof-of-concept for CVE-2018-12540, demonstrating the vulnerability in Vert.x Web's SockJS service proxy. The code includes examples of service registration and SockJS bridge configuration, which can be used to exploit the vulnerability.

Classification: Working PoC (90%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Vert.x Web (SockJS service proxy)
Auth: none needed
Prerequisites: Vert.x Web with SockJS service proxy enabled
devstral-2 · analyzed Mar 14, 2026
nomisec WORKING POC
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2018-12540-vertx-web-vulnerable

This repository contains a functional proof-of-concept for CVE-2018-12540, demonstrating a vulnerability in Vert.x Web's SockJS service proxy. The code includes examples of service registration and SockJS bridge configuration, which can be exploited to bypass security restrictions.

Classification: Working PoC (90%)
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Vert.x Web (SockJS service proxy)
Auth: none needed
Prerequisites: Access to the Vert.x Web application with SockJS service proxy enabled
devstral-2 · analyzed Feb 18, 2026
nomisec STUB
by tafamace · poc
https://github.com/tafamace/CVE-2018-12540

The provided code is a simple Java stub that prints command-line arguments and does not demonstrate any exploit functionality related to CVE-2018-12540. It lacks offensive techniques or vulnerability exploitation logic.

Classification: Stub (90%)
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: N/A
Auth: none needed
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC
by bernard-wagner · poc
https://github.com/bernard-wagner/vertx-web-xsrf

This repository contains a working proof-of-concept for CVE-2018-12540, demonstrating a CSRF vulnerability in Vert.x Web due to non-unique CSRF tokens per user session. The PoC includes a malicious website and a target website to exploit the vulnerability.

Classification: Working PoC (95%)
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Vert.x Web
Auth: none needed
Prerequisites: Access to a vulnerable Vert.x Web application · Ability to host a malicious website
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 8.8
EPSS 0.0245
EPSS Percentile 85.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (2)
eclipse/vert.x 3.0.0 - 3.5.2
io.vertx/vertx-web 3.0.0 - 3.5.3 (Maven)
Published Jul 12, 2018
Tracked Since Feb 18, 2026