CVE-2018-25159

CRITICAL

Epross AVCON6 - Unauthenticated Remote Code Execution via OGNL Injection in Login Action

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25159. PoC published by Nassim Asrir.

AI-analyzed exploit summary: This exploit leverages an OGNL injection vulnerability in the AVCON6 systems management platform to achieve remote command execution. The payload constructs a malicious OGNL expression that spawns a process and returns the command output via the HTTP response.

Description

Epross AVCON6 systems management platform contains an Object-Graph Navigation Language (OGNL) injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. An attacker sends a crafted request to the login.action endpoint with an OGNL payload in the redirect parameter; the server evaluates the expression, which instantiates a java.lang.ProcessBuilder and runs a system command with root privileges. No credentials or user interaction are required, and the command output is returned in the HTTP response, so a single request both confirms the flaw and yields code execution.
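A detection-side check for the pattern described above, added here as an example; it is not code from this page, from Epross, or from the published PoC. It scans web-server access logs for requests to login.action whose redirect parameter carries OGNL syntax (expression delimiters, #variable assignments, static java.* references, ProcessBuilder or Runtime calls). It assumes a combined-format access log and that the payload arrives either as the value of a redirect parameter or, in the Struts2 prefixed-parameter style, inside the parameter name after redirect: (that second form is an assumption of this example, not something the page states). The log lines are constructed.

```python
"""Access-log detector for OGNL injection attempts against AVCON6 /login.action
(CVE-2018-25159).  Added example, not code from the page, from Epross, or from
the PoC author.  Assumptions: logs are in Apache/nginx "combined" format, and the
payload arrives either as the value of a `redirect` parameter or, as in Struts2
prefixed-parameter injection, in the parameter name after `redirect:`."""
import re
from urllib.parse import unquote_plus, urlsplit

# Leading fields of a combined-format access log line; the request target is
# the only part we inspect.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# OGNL constructs that have no business in a redirect target: expression
# delimiters, #variable assignment, static-class references, and the
# process-spawning classes named in the vulnerability description.
# This is a heuristic; extend it for your own traffic.
OGNL_RE = re.compile(
    r"[$%]\{|#[A-Za-z_]\w*\s*=|@java\.|\bnew\s+java\.|ProcessBuilder|getRuntime\s*\(",
    re.I,
)


def fully_decode(s: str, rounds: int = 3) -> str:
    """Undo up to `rounds` layers of percent-encoding (double encoding is a common evasion)."""
    for _ in range(rounds):
        decoded = unquote_plus(s)
        if decoded == s:
            break
        s = decoded
    return s


def redirect_payloads(target: str) -> list[str]:
    """Return every redirect payload found in a request target aimed at login.action."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("login.action"):
        return []
    payloads = []
    # Split on '&' only: OGNL bodies contain '=' and ',', so parse_qsl would mangle them.
    for piece in parts.query.split("&"):
        decoded = fully_decode(piece)
        m = re.match(r"redirect\s*[:=](.*)", decoded, re.I | re.S)
        if m:
            payloads.append(m.group(1))
    return payloads


def is_ognl_injection(target: str) -> bool:
    """True when any redirect payload in the target contains OGNL syntax."""
    return any(OGNL_RE.search(p) for p in redirect_payloads(target))


def scan_log(text: str) -> list[dict]:
    """Return one record per request whose redirect payload looks like OGNL."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_ognl_injection(m["target"]):
            continue
        payload = redirect_payloads(m["target"])[0]
        hits.append({
            "ip": m["ip"],
            "ts": m["ts"],
            "status": int(m["status"]),
            "payload": payload[:80],   # truncated for display
        })
    return hits


# Constructed sample: a benign redirect, an injection attempt, and unrelated traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2026:14:02:11 +0000] "GET /login.action?redirect=%2Findex.jsp HTTP/1.1" 302 0
203.0.113.77 - - [10/Mar/2026:14:03:55 +0000] "GET /login.action?redirect:%24%7B%23a%3D(new%20java.lang.ProcessBuilder(new%20java.lang.String%5B%5D%7B%22id%22%7D)).start()%7D HTTP/1.1" 200 512
198.51.100.5 - - [10/Mar/2026:14:04:01 +0000] "GET /static/app.js HTTP/1.1" 200 9931
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

On the sample above only the second line is reported. A 200 response to a flagged request is the signal to escalate: the page notes that command output comes back in the HTTP body, so a successful injection will not look like a failed login. Benign redirects such as /index.jsp pass untouched, and the decoder unwinds up to three layers of percent-encoding so a double-encoded `${...}` is still caught.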

Exploits (1)

exploit-db · Working PoC
by Nassim Asrir · python · webapps · java
https://www.exploit-db.com/exploits/47379

Classification
Working PoC 95%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: AVCON6 systems management platform
No auth needed
Prerequisites: Network access to the target server · Target application must be running and accessible
devstral-2 · analyzed Mar 12, 2026

References (2)

Exploit, Third Party Advisory
https://www.exploit-db.com/exploits/47379

Scores

CVSS v3 9.8
EPSS 0.0039
EPSS Percentile 31.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-1334
Status published
Products (1)
Epross/AVCON6 systems management platform
Published Mar 11, 2026
Tracked Since Mar 12, 2026