CVE-2018-25169

HIGH

AMPPS 2.7 - Denial of Service via Malformed Socket Connection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25169. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary This Python script demonstrates a Denial of Service (DoS) vulnerability in AMPPS 2.7 by flooding the target server with TCP connections on port 80. It repeatedly establishes connections and sends a 'BOOM' payload until the server becomes unresponsive.

Description

AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads to exhaust server resources and cause service unavailability.

Exploits (1)

exploitdb WORKING POC
by Ihsan Sencan · pythondoswindows_x86-64
https://www.exploit-db.com/exploits/45850

This Python script demonstrates a Denial of Service (DoS) vulnerability in AMPPS 2.7 by flooding the target server with TCP connections on port 80. It repeatedly establishes connections and sends a 'BOOM' payload until the server becomes unresponsive.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: AMPPS 2.7
No auth needed
Prerequisites: Target IP address · Network access to port 80
devstral-2 · analyzed Mar 06, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/45850

Scores

CVSS v3 7.5
EPSS 0.0034
EPSS Percentile 25.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-1188
Status published
Published Mar 06, 2026
Tracked Since Mar 06, 2026