CVE-2018-25222

HIGH

SC 7.16 - Stack Buffer Overflow Local Code Execution

Title source: manual

Description

SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 1052 bytes to overwrite the instruction pointer and execute shellcode in the application context.

Exploits (1)

exploitdb WORKING POC

by Juan Sacco · pythonlocallinux

https://www.exploit-db.com/exploits/44279

View Code ZIP pw:eip

References (2)

[Exploit] https://www.exploit-db.com/exploits/44279

[Third Party Advisory] https://www.vulncheck.com/advisories/sc-stack-based-buffer-overflow-remote-code-execution

Scores

CVSS v3 8.4

EPSS 0.0002

EPSS Percentile 6.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (1)

sc/SC 7.16

Published Mar 28, 2026

Tracked Since Mar 29, 2026