CVE-2018-25361

MEDIUM

Soroush IM Desktop App 0.17.0 Authentication Bypass via Database Injection

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25361. PoCs published by VortexNeoX64.

AI-analyzed exploit summary This exploit bypasses authentication in Soroush IM Desktop App 0.17.0 by injecting a pre-encrypted database file, allowing an attacker to access all user data and perform actions on behalf of the victim. The PoC kills the target process, replaces the legitimate database with a malicious one, and restarts the application.

Description

Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption key. Attackers can inject malicious database records into the application's database files to unlock the client and access all stored data, chats, images, and files without knowing the original passcode.

Exploits (1)

exploitdb WORKING POC

by VortexNeoX64 · localwindows

https://www.exploit-db.com/exploits/45171

View Code ZIP pw:eip

This exploit bypasses authentication in Soroush IM Desktop App 0.17.0 by injecting a pre-encrypted database file, allowing an attacker to access all user data and perform actions on behalf of the victim. The PoC kills the target process, replaces the legitimate database with a malicious one, and restarts the application.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Soroush IM Desktop App 0.17.0 BETA

No auth needed

Prerequisites: local access to the victim's machine · Soroush IM Desktop App installed and running

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed May 25, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-45171

https://www.exploit-db.com/exploits/45171

Product product

Official Product Homepage

https://soroush-app.ir

Product product

Product Reference

http://54.36.43.176/SoroushSetup0.17.0.exe

Third Party Advisory third-party-advisory

VulnCheck Advisory: Soroush IM Desktop App 0.17.0 Authentication Bypass via Database Injection

https://www.vulncheck.com/advisories/soroush-im-desktop-app-authentication-bypass-via-database-injection

Scores

CVSS v3 6.8

EPSS 0.0012

EPSS Percentile 2.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-290

Status published

Products (2)

Soroush/Soroush IM Desktop App 0.17.0

Soroush/Soroush Messenger 0.17.0

Published May 25, 2026

Tracked Since May 25, 2026