PatchSiren cyber security CVE debrief
CVE-2018-25345 10-Strike CVE debrief
A local buffer overflow vulnerability exists in 10-Strike Network Scanner 3.0, specifically within the host name field. The vulnerability allows attackers to bypass SafeSEH protections and achieve arbitrary code execution by supplying a malicious payload through the host name or address field, then triggering the flaw via the Trace route or System information functions. The issue is classified as CWE-120 (Classic Buffer Overflow). Despite the CVE identifier suggesting 2018, the record was published to the NVD on 2026-05-23 and last modified on 2026-05-26, with a current vulnerability status of 'Deferred'. The CVSS 4.0 vector indicates a local attack vector with low attack complexity, no privileges required, and high impacts to confidentiality, integrity, and availability. No known exploitation in ransomware campaigns has been documented, and the vulnerability is not listed in CISA KEV.
- Vendor
- 10-Strike
- Product
- Network Scanner
- CVSS
- HIGH 8.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-23
- Original CVE updated
- 2026-05-26
- Advisory published
- 2026-05-23
- Advisory updated
- 2026-05-26
Who should care
Organizations using 10-Strike Network Scanner 3.0 for network discovery and auditing; security teams responsible for endpoint protection and vulnerability management; incident responders monitoring for local privilege escalation techniques; and administrators of Windows environments where SafeSEH-aware applications may be targeted for bypass.
Technical summary
The vulnerability is a classic stack-based buffer overflow (CWE-120) in the host name parsing logic of 10-Strike Network Scanner 3.0. The application fails to properly validate input length when processing host names or addresses, allowing an attacker to overwrite the structured exception handler (SEH) chain. By bypassing SafeSEH protections, the attacker can redirect execution to shellcode. Trigger vectors include the Trace route and System information functions, which process user-supplied host names. The attack requires local access (AV:L) but no privileges (PR:N) and has low complexity (AC:L), resulting in complete system compromise (VC:H/VI:H/VA:H).
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to a patched version of 10-Strike Network Scanner if available from the vendor
- Restrict execution of 10-Strike Network Scanner to trusted administrative users only
- Implement application whitelisting to prevent unauthorized execution of vulnerable binaries
- Monitor for suspicious process execution or unexpected network activity from 10-Strike Network Scanner processes
- Review endpoint detection and response (EDR) policies for indicators of local privilege escalation or SEH-based exploitation
- Contact 10-Strike Software directly to confirm patch availability and obtain security guidance
Evidence notes
The vulnerability description and technical details are sourced from the NVD record and VulnCheck advisory. The CVSS 4.0 vector and CWE-120 classification are explicitly provided in the source metadata. The 'Deferred' status in NVD suggests the entry may require additional review or vendor coordination.
Official resources
The vulnerability was disclosed via VulnCheck and is documented in Exploit-DB. The vendor website (10-Strike) is referenced though no official vendor advisory was identified in the source corpus.