HeidiSQL 9.5.0.5196 Denial of Service via Preferences
Plattform
windows
Komponente
heidisql
Behoben in
9.5.1
CVE-2018-25231 describes a denial-of-service (DoS) vulnerability discovered in HeidiSQL. This flaw allows a local attacker to crash the application by exploiting the SQL log file path field within the logging preferences. The vulnerability impacts versions 9.5.0.5196 through 9.5.0.5196, and a patch is available to resolve the issue.
Auswirkungen und Angriffsszenarien
The primary impact of CVE-2018-25231 is a denial of service. A successful exploit results in HeidiSQL crashing, preventing users from accessing and managing their databases. While the vulnerability is local, meaning an attacker must already have access to the system running HeidiSQL, this could be exploited by a malicious insider or after gaining initial access through another means. The attack involves crafting a file path exceeding the expected buffer size within the logging preferences, leading to a buffer overflow. This could potentially be chained with other vulnerabilities to escalate privileges, although this is unlikely given the local nature of the vulnerability. The blast radius is limited to the affected HeidiSQL instance.
Ausnutzungskontext
CVE-2018-25231 is not currently listed on KEV or EPSS. The CVSS score of 6.2 (MEDIUM) indicates a moderate probability of exploitation. Public proof-of-concept (POC) code is not widely available, but the vulnerability is relatively straightforward to exploit. The vulnerability was published on 2026-03-30 by the NVD.
Wer Ist Gefährdetwird übersetzt…
Users who rely on HeidiSQL for database management, particularly those running the affected versions (9.5.0.5196–9.5.0.5196) on Windows systems, are at risk. This includes database administrators and developers who use HeidiSQL for local database development and administration.
Erkennungsschrittewird übersetzt…
• windows / supply-chain:
Get-Process -Name heidisql | Stop-Process -Force• windows / supply-chain:
Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='HeidiSQL']]]" -MaxEvents 10• windows / supply-chain: Check Autoruns for unusual entries related to HeidiSQL startup or file associations.
Angriffszeitlinie
- Disclosure
disclosure
Bedrohungsanalyse
Exploit-Status
EPSS
0.01% (3% Perzentil)
CISA SSVC
CVSS-Vektor
Was bedeuten diese Metriken?
- Attack Vector
- Lokal — Angreifer benötigt eine lokale Sitzung oder Shell auf dem System.
- Attack Complexity
- Niedrig — keine besonderen Bedingungen erforderlich. Zuverlässig ausnutzbar.
- Privileges Required
- Keine — ohne Authentifizierung ausnutzbar. Keine Zugangsdaten erforderlich.
- User Interaction
- Keine — automatischer und lautloser Angriff. Das Opfer tut nichts.
- Scope
- Unverändert — Auswirkung auf das anfällige Komponente beschränkt.
- Confidentiality
- Keine — kein Vertraulichkeitseinfluss.
- Integrity
- Keine — kein Integritätseinfluss.
- Availability
- Hoch — vollständiger Absturz oder Ressourcenerschöpfung. Totaler Denial of Service.
Betroffene Software
Schwachstellen-Klassifikation (CWE)
Zeitleiste
- Reserviert
- Veröffentlicht
- EPSS aktualisiert
Mitigation und Workarounds
The primary mitigation for CVE-2018-25231 is to upgrade to a patched version of HeidiSQL. If upgrading is not immediately feasible, consider restricting user access to the logging preferences to prevent malicious modification of the SQL log file path. While a Web Application Firewall (WAF) is unlikely to be effective in this scenario due to the local nature of the vulnerability, monitoring system logs for unusual process terminations related to HeidiSQL could provide early detection. There are no specific Sigma or YARA rules available for this vulnerability, but monitoring for crashes related to excessive file path lengths could be a useful indicator. After upgrading, confirm the fix by attempting to set an excessively long file path in the logging preferences; the application should not crash.
So behebenwird übersetzt…
Actualice HeidiSQL a una versión posterior a la 9.5.0.5196. Esto evitará que un atacante local pueda causar una denegación de servicio al proporcionar una ruta de archivo excesivamente larga en las preferencias de registro.
CVE-Sicherheitsnewsletter
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
Häufig gestellte Fragenwird übersetzt…
What is CVE-2018-25231 — DoS in HeidiSQL?
CVE-2018-25231 is a denial-of-service vulnerability in HeidiSQL versions 9.5.0.5196–9.5.0.5196, allowing local attackers to crash the application by providing a long file path.
Am I affected by CVE-2018-25231 in HeidiSQL?
You are affected if you are using HeidiSQL versions 9.5.0.5196–9.5.0.5196 and have not upgraded to a patched version.
How do I fix CVE-2018-25231 in HeidiSQL?
Upgrade to a patched version of HeidiSQL. As a temporary workaround, limit the length of file paths entered in the logging preferences.
Is CVE-2018-25231 being actively exploited?
There is no widespread evidence of active exploitation of CVE-2018-25231 at this time.
Where can I find the official HeidiSQL advisory for CVE-2018-25231?
Refer to the HeidiSQL website and relevant security forums for updates and advisories related to CVE-2018-25231.
Ist dein Projekt betroffen?
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.