{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2018-25233", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-30T10:59:35.575Z", "datePublished": "2026-03-30T11:02:24.755Z", "dateUpdated": "2026-03-30T13:38:57.879Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-30T11:02:24.755Z"}, "datePublic": "2018-10-31T00:00:00.000Z", "title": "WebDrive 18.00.5057 Denial of Service via Secure WebDAV", "descriptions": [{"lang": "en", "value": "WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV connection setup. Attackers can input a buffer-overflow payload of 5000 bytes in the username parameter and trigger a connection test to cause the application to crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Handling of Parameters", "cweId": "CWE-233", "type": "CWE"}]}], "affected": [{"vendor": "Webdrive", "product": "WebDrive", "versions": [{"version": "18.00.5057", "status": "affected"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:southrivertech:webdrive:18.00.5057:*:*:*:*:*:*:*"}]}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/45761", "name": "ExploitDB-45761", "tags": ["exploit"]}, {"url": "https://webdrive.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://webdrive.com/download/", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: WebDrive 18.00.5057 Denial of Service via Secure WebDAV", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/webdrive-denial-of-service-via-secure-webdav"}], "credits": [{"lang": "en", "value": "Victor Mondrag\u00f3n", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T13:38:50.876685Z", "id": "CVE-2018-25233", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T13:38:57.879Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-25233", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T13:38:50.876685Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T13:38:55.071Z"}}], "cna": {"title": "WebDrive 18.00.5057 Denial of Service via Secure WebDAV", "credits": [{"lang": "en", "type": "finder", "value": "Victor Mondrag\u00f3n"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Webdrive", "product": "WebDrive", "versions": [{"status": "affected", "version": "18.00.5057"}]}], "datePublic": "2018-10-31T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/45761", "name": "ExploitDB-45761", "tags": ["exploit"]}, {"url": "https://webdrive.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://webdrive.com/download/", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/webdrive-denial-of-service-via-secure-webdav", "name": "VulnCheck Advisory: WebDrive 18.00.5057 Denial of Service via Secure WebDAV", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV connection setup. Attackers can input a buffer-overflow payload of 5000 bytes in the username parameter and trigger a connection test to cause the application to crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-233", "description": "Improper Handling of Parameters"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:southrivertech:webdrive:18.00.5057:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-30T11:02:24.755Z"}}}, "cveMetadata": {"cveId": "CVE-2018-25233", "state": "PUBLISHED", "dateUpdated": "2026-03-30T13:38:57.879Z", "dateReserved": "2026-03-30T10:59:35.575Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-30T11:02:24.755Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:southrivertech:webdrive:18.00.5057:*:*:*:*:*:*:*", "matchCriteriaId": "2F8A1FDE-D01B-48EA-BA4C-68717B85E85D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV connection setup. Attackers can input a buffer-overflow payload of 5000 bytes in the username parameter and trigger a connection test to cause the application to crash."}, {"lang": "es", "value": "WebDrive 18.00.5057 contiene una vulnerabilidad de denegaci\u00f3n de servicio que permite a atacantes locales bloquear la aplicaci\u00f3n al proporcionar una cadena excesivamente larga en el campo de nombre de usuario durante la configuraci\u00f3n de una conexi\u00f3n Secure WebDAV. Los atacantes pueden introducir una carga \u00fatil de desbordamiento de b\u00fafer de 5000 bytes en el par\u00e1metro de nombre de usuario y activar una prueba de conexi\u00f3n para provocar el bloqueo de la aplicaci\u00f3n."}], "id": "CVE-2018-25233", "lastModified": "2026-04-08T16:43:23.467", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-30T12:16:17.293", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://webdrive.com/"}, {"source": "disclosure@vulncheck.com", "tags": ["Broken Link", "Product"], "url": "https://webdrive.com/download/"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/45761"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/webdrive-denial-of-service-via-secure-webdav"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-233"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "18.00.5057"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "webdrive", "vendor": "southrivertech"}], "analysis": {"en": {"generated_at": "2026-03-30T12:22:04.893246+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2011supplied patch or upgrade to the latest WebDrive release.", "Restart the WebDrive service after the update to ensure changes take effect.", "Verify that Secure WebDAV connections no longer crash by performing a connection test.", "If an immediate update is not feasible, disable Secure WebDAV functionality temporarily to mitigate the risk.", "Regularly review WebDrive security advisory pages for any new updates."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service by crashing the WebDrive application"}, "threat_synthesis": {"affected_systems": "The flaw affects WebDrive version 18.00.5057 produced by WebDrive (South River Technology). Any deployment of this specific build that uses Secure WebDAV is vulnerable. No other versions are mentioned as affected.", "description_and_impact": "The vulnerability is a buffer overflow that allows an attacker to crash the WebDrive 18.00.5057 application by supplying a 5000\u2011byte username string during the Secure WebDAV connection setup. The flaw can be triggered by executing a simple connection test and results in the application terminating unexpectedly, thereby denying legitimate users access to the drive until the service is restarted.", "risk_and_exploitability": "The CVSS score of 6.9 indicates medium severity. Because the exploit requires the attacker to be present on the machine that runs WebDrive, the risk is limited to local. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting it is not widely exploited yet. An attacker could achieve a denial of service by crafting a long username string and initiating a Secure WebDAV connection, causing the application to crash and potentially disrupting business operations."}}}}, "created": "2026-03-30T20:55:51.459614+00:00", "updated": "2026-04-03T09:11:23.622543+00:00", "vendors": ["southrivertech", "southrivertech$PRODUCT$webdrive"]}