CVE-2018-25367

MEDIUM

NASA openVSP 3.16.1 Denial of Service via Buffer Overflow

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25367. PoCs published by L0RD.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service vulnerability in NASA OpenVSP 3.16.1 by overflowing a buffer in the 'name' field of the 'pod' sub-geometry, causing the application to crash. The PoC generates a 5000-byte payload of 'A' characters and writes it to a file for manual input into the application.

Description

NASA openVSP 3.16.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the geometry name field. Attackers can trigger a denial of service by pasting a 5000-byte payload into the name input field within the Geom browser pod addition interface.

Exploits (1)

exploitdb WORKING POC VERIFIED

by L0RD · pythondoswindows_x86-64

https://www.exploit-db.com/exploits/45281

View Code ZIP pw:eip

This exploit demonstrates a denial-of-service vulnerability in NASA OpenVSP 3.16.1 by overflowing a buffer in the 'name' field of the 'pod' sub-geometry, causing the application to crash. The PoC generates a 5000-byte payload of 'A' characters and writes it to a file for manual input into the application.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: NASA OpenVSP 3.16.1

No auth needed

Prerequisites: NASA OpenVSP 3.16.1 installed on Windows 10 · Manual interaction to paste payload into the application

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed May 25, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-45281

https://www.exploit-db.com/exploits/45281

Product product

Product Reference

https://github.com/nasa/OpenVSP

Third Party Advisory third-party-advisory

VulnCheck Advisory: NASA openVSP 3.16.1 Denial of Service via Buffer Overflow

https://www.vulncheck.com/advisories/nasa-openvsp-denial-of-service-via-buffer-overflow

Scores

CVSS v3 6.2

EPSS 0.0017

EPSS Percentile 6.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-120

Status published

Products (1)

NASA/openVSP 3.16.1

Published May 25, 2026

Tracked Since May 25, 2026