CVE-2018-25127

MEDIUM

SOCA Access Control System 180612 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25127. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in SOCA Access Control System, allowing an attacker to add an admin user via a crafted HTTP request. The PoC includes an HTML form that submits a malicious request to the target system.

Description

SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that submit forged requests to create admin accounts by tricking logged-in users into visiting a malicious site.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · textwebappsphp
https://www.exploit-db.com/exploits/46834

This exploit demonstrates a CSRF vulnerability in SOCA Access Control System, allowing an attacker to add an admin user via a crafted HTTP request. The PoC includes an HTML form that submits a malicious request to the target system.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: SOCA Access Control System versions 180612, 170000, and 141007
No auth needed
Prerequisites: Victim must be logged into the target system and visit the malicious page
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/46834
Various Sources product
http://www.socatech.com
Third Party Advisory third-party-advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5520.php

Scores

CVSS v3 5.3
EPSS 0.0019
EPSS Percentile 8.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-352
Status published
Products (3)
SOCA Technology Co., Ltd/SOCA Access Control System 141007
SOCA Technology Co., Ltd/SOCA Access Control System 170000
SOCA Technology Co., Ltd/SOCA Access Control System 180612
Published Dec 24, 2025
Tracked Since Feb 18, 2026