CVE-2018-25223
CRITICAL
Crashmail 1.6 Stack-based Buffer Overflow Remote Code Execution
Title source: cna
Description
Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending malicious input to the application. Attackers can craft payloads with ROP chains to achieve code execution in the application context, with failed attempts potentially causing denial of service.
Exploits (1)
Scores
CVSS v3
9.8
EPSS
0.0026
EPSS Percentile
49.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (2)
crashmail/Crashmail
1.6
ftnapps/crashmail_ii
< 1.6
Published
Mar 28, 2026
Tracked Since
Mar 29, 2026