{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2018-25239", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-04-04T13:16:20.974Z", "datePublished": "2026-04-04T13:51:07.117Z", "dateUpdated": "2026-04-06T16:42:33.379Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-04T19:59:50.982Z"}, "datePublic": "2018-01-28T00:00:00.000Z", "title": "Smart VPN 1.1.3.0 Denial of Service via Search", "descriptions": [{"lang": "en", "value": "Smart VPN 1.1.3.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the search interface. Attackers can paste a buffer of 2100 characters into the top right search bar to trigger an unhandled exception that crashes the application."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", "cweId": "CWE-470", "type": "CWE"}]}], "affected": [{"vendor": "SmartVPN", "product": "Smart VPN", "versions": [{"version": "1.1.3.0", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46272", "name": "ExploitDB-46272", "tags": ["exploit"]}, {"url": "https://www.microsoft.com/store/productId/9NH1G93D4HKR", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: mart VPN 1.1.3.0 Denial of Service via Search", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/smart-vpn-denial-of-service-via-search"}], "credits": [{"lang": "en", "value": "0xB9", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T16:42:06.658945Z", "id": "CVE-2018-25239", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T16:42:33.379Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-25239", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-06T16:42:06.658945Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T16:42:21.526Z"}}], "cna": {"title": "Smart VPN 1.1.3.0 Denial of Service via Search", "credits": [{"lang": "en", "type": "finder", "value": "0xB9"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "SmartVPN", "product": "Smart VPN", "versions": [{"status": "affected", "version": "1.1.3.0"}]}], "datePublic": "2018-01-28T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46272", "name": "ExploitDB-46272", "tags": ["exploit"]}, {"url": "https://www.microsoft.com/store/productId/9NH1G93D4HKR", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/smart-vpn-denial-of-service-via-search", "name": "VulnCheck Advisory: mart VPN 1.1.3.0 Denial of Service via Search", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "Smart VPN 1.1.3.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the search interface. Attackers can paste a buffer of 2100 characters into the top right search bar to trigger an unhandled exception that crashes the application."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-470", "description": "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-04T19:59:50.982Z"}}}, "cveMetadata": {"cveId": "CVE-2018-25239", "state": "PUBLISHED", "dateUpdated": "2026-04-06T16:42:33.379Z", "dateReserved": "2026-04-04T13:16:20.974Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-04-04T13:51:07.117Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Smart VPN 1.1.3.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the search interface. Attackers can paste a buffer of 2100 characters into the top right search bar to trigger an unhandled exception that crashes the application."}], "id": "CVE-2018-25239", "lastModified": "2026-04-16T16:15:56.380", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-04-04T14:16:19.293", "references": [{"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/46272"}, {"source": "disclosure@vulncheck.com", "url": "https://www.microsoft.com/store/productId/9NH1G93D4HKR"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/smart-vpn-denial-of-service-via-search"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-470"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.1.3.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Smart VPN", "source": "cna", "vendor": "SmartVPN"}, "product": "smart_vpn", "vendor": "smartvpn"}], "analysis": {"en": {"generated_at": "2026-04-04T18:22:14.108857+00:00", "value": {"mitigation_remediation": ["Apply any vendor patch or upgrade Smart VPN to a version where the bug is fixed.", "If no patch is available, restrict local usage of the application or disable the search feature until a fix is released.", "Monitor for unexpected application crashes and log error events for investigation."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Smart VPN product from SmartVPN. The affected version is 1.1.3.0. No other versions are noted in the CNA data.", "description_and_impact": "Smart VPN version 1.1.3.0 includes a buffer overflow in the search interface that can be triggered by an attacker with local access. By submitting an oversized 2100\u2011character string into the top\u2011right search bar, the application throws an unhandled exception, causing the process to terminate. This results in a denial of service for the user of the application, but does not provide any compromise of data or privilege escalation.", "risk_and_exploitability": "The CVSS score is 6.9, indicating a moderate severity. EPSS information is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting that widespread exploitation is not currently known. Exploitation requires local access to the machine running the application. Therefore, the risk is primarily to users with direct access to the vulnerable instance, and an attacker can repeatedly crash the application but cannot gain further privileges or access remote systems."}}}}, "created": "2026-04-06T20:27:12.474396+00:00", "updated": "2026-04-06T21:57:48.213497+00:00", "vendors": ["smartvpn", "smartvpn$PRODUCT$smart_vpn"]}