Plattform
windows
Komponente
webdrive
CVE-2018-25233 describes a denial-of-service (DoS) vulnerability present in WebDrive version 18.00.5057. An attacker can trigger a crash by supplying an excessively long string, specifically a buffer-overflow payload of 5000 bytes, in the username field during Secure WebDAV connection setup. This vulnerability allows for local exploitation and can disrupt application availability. A fix is available from the vendor.
The impact of CVE-2018-25233 is a denial of service. A successful exploit results in WebDrive crashing, preventing users from accessing network resources through the application. Like CVE-2018-25231, this vulnerability is local, requiring an attacker to have access to the system running WebDrive. The attack involves crafting a username string exceeding the expected buffer size, triggering a buffer overflow during the connection test. The blast radius is limited to the affected WebDrive instance and the network resources it manages.
CVE-2018-25233 is not currently listed on KEV or EPSS. The CVSS score of 6.2 (MEDIUM) indicates a moderate probability of exploitation. Public proof-of-concept (POC) code is not widely available, but the vulnerability is relatively straightforward to exploit. The vulnerability was published on 2026-03-30 by the NVD.
Organizations and individuals using WebDrive version 18.00.5057 are at risk. This includes users of shared hosting environments where WebDrive is deployed, as well as those relying on WebDrive for file transfer and management tasks. Legacy systems running this version and lacking robust security monitoring are particularly vulnerable.
• windows / supply-chain:
Get-Process WebDrive | Stop-Process -Force• windows / supply-chain:
Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='WebDrive']]]" -MaxEvents 10• windows / supply-chain: Check Autoruns for unusual WebDrive entries or startup commands.
disclosure
Exploit-Status
EPSS
0.01% (3% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2018-25233 is to upgrade to a patched version of WebDrive. If upgrading is not immediately feasible, restrict user access to the Secure WebDAV connection setup to prevent malicious modification of the username field. A Web Application Firewall (WAF) is unlikely to be effective in this scenario due to the local nature of the vulnerability. Monitoring system logs for unusual process terminations related to WebDrive could provide early detection. There are no specific Sigma or YARA rules available for this vulnerability, but monitoring for crashes related to excessive username lengths could be a useful indicator. After upgrading, confirm the fix by attempting to set an excessively long username; the application should not crash.
Actualizar WebDrive a una versión posterior a la 18.00.5057. Esto solucionará la vulnerabilidad de denegación de servicio causada por el manejo incorrecto de cadenas largas en el campo de nombre de usuario durante la configuración de la conexión Secure WebDAV.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2018-25233 is a denial-of-service vulnerability in WebDrive 18.00.5057 that allows local attackers to crash the application by providing a long username string during Secure WebDAV connection setup.
If you are using WebDrive version 18.00.5057, you are potentially affected by this vulnerability. Upgrade to a patched version as soon as possible.
The recommended fix is to upgrade to a patched version of WebDrive. Check the vendor's website for available updates.
There is no widespread evidence of active exploitation of CVE-2018-25233 at this time, but the vulnerability remains a potential risk.
Please refer to the vendor's website or security advisories for the official advisory regarding CVE-2018-25233.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.