CVE-2018-25294

HIGH

CEWE Photoshow 6.3.4 Buffer Overflow Denial of Service

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25294. PoCs published by Gionathan Reale.

AI-analyzed exploit summary This exploit demonstrates a Denial of Service (DoS) vulnerability in CEWE Photoshow 6.3.4 by generating a large buffer of 'A' characters (4000 bytes) and writing it to a file. The payload is designed to crash the application when pasted into the 'email address' and 'Password' fields during login.

Description

CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Gionathan Reale · pythondoswindows_x86-64

https://www.exploit-db.com/exploits/45211

View Code ZIP pw:eip

This exploit demonstrates a Denial of Service (DoS) vulnerability in CEWE Photoshow 6.3.4 by generating a large buffer of 'A' characters (4000 bytes) and writing it to a file. The payload is designed to crash the application when pasted into the 'email address' and 'Password' fields during login.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: CEWE Photoshow 6.3.4

No auth needed

Prerequisites: CEWE Photoshow 6.3.4 installed on Windows 10 · Access to the login interface of the application

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Apr 26, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-45211

https://www.exploit-db.com/exploits/45211

Product product

Official Product Homepage

https://cewe-photoworld.com/

Product product

Product Reference

https://cewe-photoworld.com/creator-software/windows-download

Third Party Advisory third-party-advisory

VulnCheck Advisory: CEWE Photoshow 6.3.4 Buffer Overflow Denial of Service

https://www.vulncheck.com/advisories/cewe-photoshow-buffer-overflow-denial-of-service

Scores

CVSS v3 7.5

EPSS 0.0039

EPSS Percentile 30.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-120

Status published

Products (1)

Cewe-Photoworld/CEWE Photoshow 6.3.4

Published Apr 26, 2026

Tracked Since Apr 26, 2026