CVE-2018-25193

HIGH

Mongoose Web Server 6.9 - Denial of Service via Multiple Socket Connections

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25193. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary This PoC exploits a Denial of Service (DoS) vulnerability in Mongoose Web Server 6.9 by flooding the target with TCP connections and sending a 'BOOM' payload. The script continuously establishes connections until the server crashes or stops responding.

Description

Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service unavailability.

Exploits (1)

exploitdb WORKING POC
by Ihsan Sencan · pythondoswindows_x86-64
https://www.exploit-db.com/exploits/45819

This PoC exploits a Denial of Service (DoS) vulnerability in Mongoose Web Server 6.9 by flooding the target with TCP connections and sending a 'BOOM' payload. The script continuously establishes connections until the server crashes or stops responding.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Mongoose Web Server 6.9
No auth needed
Prerequisites: Network access to the target server · Python environment
devstral-2 · analyzed Mar 06, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/45819

Scores

CVSS v3 7.5
EPSS 0.0034
EPSS Percentile 25.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-1188
Status published
Published Mar 06, 2026
Tracked Since Mar 06, 2026