CVE-2018-15490

HIGH

ExpressVPN - Path Traversal and Arbitrary File Write via JSON-RPC XVPN.GetPreference and XVPN.SetPreference


Description

An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe process (which runs as a service with SYSTEM privileges) listens on TCP port 2015, which is used as an RPC interface for communication with the client side of the ExpressVPN application. A JSON-RPC protocol over HTTP is used for communication. The JSON-RPC XVPN.GetPreference and XVPN.SetPreference methods are vulnerable to path traversal: the preference name is used to build a file path without being confined to the preference store, so a local, low-privileged user who can reach the port can read and write files on the file system with the SYSTEM privileges of the service.
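The fix for this class of bug (CWE-22) is to confine the preference name before it touches the file system. The following is an added, hypothetical example written for this page; it is not ExpressVPN's code (Xvpnd.exe is a native Windows binary and the advisory does not describe its parameter schema). The method names are taken from the advisory; the `name`/`value` parameter shape, the preference directory, and the sample requests are assumptions made here. It applies two independent checks, an allowlist on the name and a canonical-path containment test, and shows both a Windows-style and a POSIX-style traversal payload being rejected:

```python
import json
import os
import re
import tempfile

# Hypothetical preference store (assumption; not ExpressVPN's real layout).
PREF_ROOT = tempfile.mkdtemp(prefix="prefs-")

# Allowlist for preference names: no '/', '\\', '.', ':' or other characters a
# traversal payload needs, and a bounded length.
_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def resolve_pref_path(root, name):
    """Return the file path for preference `name` inside `root`, or raise ValueError.

    Check 1: the allowlist rejects separators and dots outright, so a name such as
    "..\\..\\Windows\\win.ini" never reaches the file system.
    Check 2: canonicalise and confirm the result is still under `root`; this is the
    backstop if the allowlist is ever loosened or a symlink sits under root.
    """
    if not isinstance(name, str) or not _NAME_RE.fullmatch(name):
        raise ValueError("preference name rejected: %r" % (name,))
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, name))
    if os.path.commonpath([root_real, target]) != root_real:
        raise ValueError("path escapes preference root: %r" % (name,))
    return target


def handle_rpc(request_json, root=PREF_ROOT):
    """Dispatch one JSON-RPC 2.0 request. Method names follow the advisory; the
    'name'/'value' parameter shape is an assumption for this example."""
    req = json.loads(request_json)
    rid = req.get("id")
    params = req.get("params") or {}
    try:
        if req.get("method") == "XVPN.SetPreference":
            path = resolve_pref_path(root, params["name"])
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(str(params["value"]))
            result = True
        elif req.get("method") == "XVPN.GetPreference":
            path = resolve_pref_path(root, params["name"])
            if not os.path.isfile(path):
                result = None
            else:
                with open(path, encoding="utf-8") as fh:
                    result = fh.read()
        else:
            return {"jsonrpc": "2.0", "id": rid,
                    "error": {"code": -32601, "message": "method not found"}}
    except (KeyError, ValueError) as exc:
        # Invalid params: the name failed confinement, so nothing was opened.
        return {"jsonrpc": "2.0", "id": rid,
                "error": {"code": -32602, "message": str(exc)}}
    return {"jsonrpc": "2.0", "id": rid, "result": result}


def demo():
    """Round-trip a benign preference, then send two constructed traversal payloads."""
    set_ok = handle_rpc(json.dumps({"jsonrpc": "2.0", "id": 1,
                                    "method": "XVPN.SetPreference",
                                    "params": {"name": "auto_connect", "value": "1"}}))
    get_ok = handle_rpc(json.dumps({"jsonrpc": "2.0", "id": 2,
                                    "method": "XVPN.GetPreference",
                                    "params": {"name": "auto_connect"}}))
    win_trav = handle_rpc(json.dumps({"jsonrpc": "2.0", "id": 3,
                                      "method": "XVPN.GetPreference",
                                      "params": {"name": "..\\..\\Windows\\win.ini"}}))
    posix_trav = handle_rpc(json.dumps({"jsonrpc": "2.0", "id": 4,
                                        "method": "XVPN.SetPreference",
                                        "params": {"name": "../../etc/cron.d/x",
                                                   "value": "x"}}))
    return set_ok, get_ok, win_trav, posix_trav


if __name__ == "__main__":
    for resp in demo():
        print(json.dumps(resp))
```

The allowlist alone would close this bug; the containment check is kept because it does not depend on the allowlist being right, and it is the check to keep when a service genuinely needs to accept nested names. Neither check addresses the other weakness the advisory implies, namely that any local user can reach port 2015: binding the RPC endpoint so that only the intended client can talk to it is a separate hardening step.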

Scores

CVSS v3 7.1
EPSS 0.0061
EPSS Percentile 44.8%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-22
Status published
Products (1)
expressvpn/expressvpn
Published Jan 02, 2019
Tracked Since Feb 18, 2026