CVE-2018-25282

MEDIUM

Nmap 7.70 Denial of Service via XML Entity Expansion

Title source: cna

Description

Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import functionality to cause the program to consume excessive system resources and crash.

Exploits (1)

exploitdb WORKING POC
by Gionathan Reale · text · dos · windows_x86
https://www.exploit-db.com/exploits/45357

References (3)

Core References
Exploit: ExploitDB-45357
https://www.exploit-db.com/exploits/45357
Product: Product Reference
https://nmap.org/dist/nmap-7.70-setup.exe
Third Party Advisory: VulnCheck Advisory: Nmap 7.70 Denial of Service via XML Entity Expansion
https://www.vulncheck.com/advisories/nmap-denial-of-service-via-xml-entity-expansion

Scores

CVSS v3 6.2
EPSS 0.0001
EPSS Percentile 3.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-674
Status published
Products (1)
ZenMap/ZenMap 7.70
Published Apr 26, 2026
Tracked Since Apr 26, 2026