{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2018-25240", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-04-04T13:16:34.636Z", "datePublished": "2026-04-04T13:51:07.827Z", "dateUpdated": "2026-04-06T19:05:28.808Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-04T19:59:51.833Z"}, "datePublic": "2018-01-18T00:00:00.000Z", "title": "Watchr 1.1.0.0 Denial of Service via Search", "descriptions": [{"lang": "en", "value": "Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 8145 characters into the search bar and trigger a search operation to cause the application to crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Handling of Overlap Between Protected Memory Ranges", "cweId": "CWE-1260", "type": "CWE"}]}], "affected": [{"vendor": "Watchr", "product": "Watchr", "versions": [{"version": "1.1.0.0", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46194", "name": "ExploitDB-46194", "tags": ["exploit"]}, {"url": "https://www.microsoft.com/store/productId/9PN12GNX62VZ", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: Watchr 1.1.0.0 Denial of Service via Search", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/watchr-denial-of-service-via-search"}], "credits": [{"lang": "en", "value": "0xB9", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T19:02:53.925832Z", "id": "CVE-2018-25240", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T19:05:28.808Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-25240", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-06T19:02:53.925832Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T19:03:21.592Z"}}], "cna": {"title": "Watchr 1.1.0.0 Denial of Service via Search", "credits": [{"lang": "en", "type": "finder", "value": "0xB9"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Watchr", "product": "Watchr", "versions": [{"status": "affected", "version": "1.1.0.0"}]}], "datePublic": "2018-01-18T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46194", "name": "ExploitDB-46194", "tags": ["exploit"]}, {"url": "https://www.microsoft.com/store/productId/9PN12GNX62VZ", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/watchr-denial-of-service-via-search", "name": "VulnCheck Advisory: Watchr 1.1.0.0 Denial of Service via Search", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 8145 characters into the search bar and trigger a search operation to cause the application to crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1260", "description": "Improper Handling of Overlap Between Protected Memory Ranges"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-04T19:59:51.833Z"}}}, "cveMetadata": {"cveId": "CVE-2018-25240", "state": "PUBLISHED", "dateUpdated": "2026-04-06T19:05:28.808Z", "dateReserved": "2026-04-04T13:16:34.636Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-04-04T13:51:07.827Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 8145 characters into the search bar and trigger a search operation to cause the application to crash."}], "id": "CVE-2018-25240", "lastModified": "2026-04-16T16:15:56.380", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-04-04T14:16:19.453", "references": [{"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/46194"}, {"source": "disclosure@vulncheck.com", "url": "https://www.microsoft.com/store/productId/9PN12GNX62VZ"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/watchr-denial-of-service-via-search"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1260"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.1.0.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "product": "watchr", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-04T18:21:59.505029+00:00", "value": {"mitigation_remediation": ["Check the vendor\u2019s website for an updated release and apply it if available", "If no patch exists, consider disabling or removing the search functionality or restricting the maximum input length", "Monitor application logs for abnormal search strings or repeated crashes", "Implement application whitelisting or sandboxing to contain potential failures", "Follow general best practices such as least privilege and timely patch management"], "summary": {"action": "Update Software", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The affected product is Watchr version 1.1.0.0. No additional versions are listed. Users running this release should verify whether the vendor has issued a patch or newer version.", "description_and_impact": "This flaw allows a local attacker to crash the Watchr application by submitting an excessively long string into its search bar, resulting in a denial of service. The vulnerability arises from uncontrolled buffer consumption, as indicated by its CWE\u20111260 classification. Because the crash is triggered by a specific user action, an attacker would be limited to local denial of service on the machine running the software.", "risk_and_exploitability": "The CVSS score of 6.9 indicates moderate severity, and the EPSS score is not available, providing no insight into exploit probability. This vulnerability is not listed in the CISA KEV catalog, suggesting it is not currently known to be exploited in the wild. The attack vector is local, requiring the attacker to be able to interact with the application\u2019s search feature. Based on the description, it is inferred that the attacker must have local access to the machine. While the vulnerability only causes a service crash and does not expose confidentiality or integrity risks, repeated crashes could create a denial\u2011of\u2011service scenario in environments with multiple users or high availability demands."}}}}, "created": "2026-04-06T20:27:11.368900+00:00", "updated": "2026-04-06T21:57:47.167197+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$watchr"]}