Is CVE-2018-25265 actively exploited?

CVE-2018-25265 has no public evidence of in-the-wild exploitation as of 2026-04-27.

What is the CVSS score for CVE-2018-25265?

CVE-2018-25265 has a CVSS score of 8.6 (HIGH severity). Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

How do I patch CVE-2018-25265?

Patch guidance is available from lizardsystems security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2018-25265.

Which products are affected by CVE-2018-25265?

1 product: lizardsystems lanspy.

Fix CVE-2018-25265 - HIGH lizardsystems lanspy

Description

LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious payloads using egghunter techniques to locate and execute shellcode, triggering code execution through SEH chain manipulation and controlled jumps.

CVSS Metrics

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: local
Complexity: low
Privileges: none
User Action: none
Confidentiality: undefined
Integrity: undefined
Availability: undefined
Weaknesses: CWE-787 · Out-of-bounds Write

Metadata

Primary Vendor: LIZARDSYSTEMS
Published: 4/22/2026
Last Modified: 4/27/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2018-25265

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary