Platform: windows
Component: webdrive
CVE-2018-25233 describes a denial-of-service (DoS) vulnerability present in WebDrive version 18.00.5057. An attacker can trigger a crash by supplying an excessively long string, specifically a buffer-overflow payload of 5000 bytes, in the username field during Secure WebDAV connection setup. This vulnerability allows for local exploitation and can disrupt application availability. A fix is available from the vendor.
The primary impact of CVE-2018-25233 is a denial-of-service condition. A successful exploit results in the WebDrive application crashing, rendering it unavailable to legitimate users. This can disrupt file transfer operations and potentially impact business processes reliant on WebDrive. The vulnerability's local nature means an attacker must have local access to the system running WebDrive to exploit it. While not a remote code execution vulnerability, the DoS can be disruptive and potentially used as a distraction for other malicious activities. The ease of triggering the crash with a simple username manipulation makes it relatively straightforward to exploit.
CVE-2018-25233 is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, suggesting a low probability of widespread exploitation. The vulnerability was publicly disclosed on 2026-03-30. Given the local nature of the exploit and the lack of readily available PoCs, the immediate risk is considered moderate.
Exploit Status
EPSS: 0.01% (3% percentile)
The primary mitigation for CVE-2018-25233 is to upgrade to a patched version of WebDrive. If upgrading immediately is not possible, consider implementing temporary workarounds. One approach is to limit the maximum length of the username field accepted during Secure WebDAV connection setup. This can be achieved through configuration changes or by implementing input validation. Monitoring system logs for WebDrive crashes is also recommended to detect potential exploitation attempts. Consider implementing a WAF rule to block unusually long username strings during WebDAV connections.
Update WebDrive to a version later than 18.00.5057. This will resolve the denial of service vulnerability caused by improper handling of long strings in the username field during Secure WebDAV connection setup.
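The following PowerShell triage script is an added example, not code from the vendor or from this advisory. It checks the installed WebDrive version against 18.00.5057 and lists recent WebDrive crash events. It assumes the product's uninstall entry has a DisplayName containing "WebDrive" and that crashes are recorded by the standard "Application Error" provider (event ID 1000).

```powershell
# Added example: host triage for CVE-2018-25233.
# Assumptions (not stated in the advisory): the uninstall entry's DisplayName
# contains "WebDrive"; crashes are logged as Application Error event ID 1000.

$named = [version]'18.00.5057'   # version named in the advisory

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# 1. Inventory: the advisory says to run a version later than 18.00.5057.
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*WebDrive*' } |
    ForEach-Object {
        $parsed = $null
        $ok = [version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)
        if (-not $ok) { $status = 'version unreadable, check manually' }
        elseif ($parsed -le $named) { $status = 'not later than 18.00.5057, upgrade' }
        else { $status = 'later than 18.00.5057' }

        [pscustomobject]@{
            Name    = $_.DisplayName
            Version = $_.DisplayVersion
            Status  = $status
        }
    }

# 2. Detection: crash events from the last 7 days that mention WebDrive.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = (Get-Date).AddDays(-7)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'webdrive' } |
    Select-Object TimeCreated, MachineName,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }
```

Repeated crash events on a host still running 18.00.5057 are worth correlating with who was logged on at the time, since the issue is triggered locally.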
CVE-2018-25233 is a denial-of-service vulnerability in WebDrive 18.00.5057 that allows local attackers to crash the application by providing a long username string during Secure WebDAV connection setup.
If you are using WebDrive version 18.00.5057, you are potentially affected by this vulnerability. Upgrade to a patched version as soon as possible.
The recommended fix is to upgrade to a patched version of WebDrive. Check the vendor's website for available updates.
There is no widespread evidence of active exploitation of CVE-2018-25233 at this time, but the vulnerability remains a potential risk.
Please refer to the vendor's website or security advisories for the official advisory regarding CVE-2018-25233.