Platform: windows
Component: networkactiv-web-server
Fixed in: 4.0.1
CVE-2018-25235 describes a buffer overflow vulnerability affecting NetworkActiv Web Server versions 4.0 Pre-Alpha-3.7.2 and earlier. This flaw allows local attackers to crash the application by providing a username string that exceeds the allocated buffer size. The vulnerability impacts systems running NetworkActiv Web Server and can result in a denial-of-service condition.
The primary impact of CVE-2018-25235 is a denial-of-service (DoS). An attacker can trigger this by crafting a username string longer than the buffer allocated for the username field within the Security options interface. This overflow can cause the NetworkActiv Web Server process to crash, rendering the service unavailable. While the vulnerability is local, it could be exploited by an attacker who has already gained some level of access to the system. The blast radius is limited to the affected server and its services, but the disruption can impact users relying on the web server's functionality.
CVE-2018-25235 was published on 2026-03-30. There is no indication of active exploitation or inclusion in the CISA KEV catalog. Public proof-of-concept (PoC) code is not currently available. The vulnerability's local nature and the lack of readily available exploits may limit its immediate exploitation risk.
Exploit Status
EPSS: 0.01% (3rd percentile)
The primary mitigation for CVE-2018-25235 is to upgrade to a patched version of NetworkActiv Web Server. Unfortunately, no specific patched version is provided in the CVE details. As a temporary workaround, consider implementing input validation on the username field to limit the maximum length of the input string. This can be achieved through code modifications or potentially through a web application firewall (WAF) configured to block requests with excessively long usernames. Monitor system logs for unusual crashes or errors related to the web server process.
Update to a patched version of the NetworkActiv Web Server software. Contact the vendor for the latest version or an alternative solution.
CVE-2018-25235 is a buffer overflow vulnerability in NetworkActiv Web Server versions 4.0 Pre-Alpha-3.7.2 and earlier. It allows local attackers to crash the application via a long username string, leading to a denial-of-service.
You are affected if you are running NetworkActiv Web Server version 4.0 Pre-Alpha-3.7.2 or an earlier version. Check your installed version against the affected range.
Upgrade to a patched version of NetworkActiv Web Server. Unfortunately, a specific patched version is not provided in the CVE details. Input validation on the username field is a temporary workaround.
There is currently no indication of active exploitation of CVE-2018-25235.
Refer to the CVE details for links to relevant vendor advisories and security information.