CVE-2018-25423 Armcode CVE debrief

Who should care

Organizations running Arm Whois 3.11 on shared workstations or multi-user systems where local access cannot be fully restricted. Security teams monitoring legacy software with inadequate input validation. Incident responders investigating unexplained application crashes in whois tooling.

Technical summary

CVE-2018-25423 is a buffer overflow vulnerability in Arm Whois 3.11. A local attacker can trigger a denial of service condition by supplying approximately 700 bytes of input to either the IP address or domain input field. The vulnerability is classified as CWE-120 (Buffer Copy without Checking Size of Input). The CVSS 4.0 score of 6.9 (MEDIUM) reflects local attack vector requirements with high availability impact but no confidentiality or integrity impact. The vulnerability status in NVD is Deferred, indicating the entry may not have completed full analysis. No known ransomware campaign use or CISA KEV listing is present.

Defensive priority

medium

Recommended defensive actions

• Restrict access to Arm Whois 3.11 installations to trusted users only, as exploitation requires local access
• Monitor for unexpected application crashes in Arm Whois that may indicate attempted exploitation
• Consider removing or replacing Arm Whois 3.11 with an alternative whois client that receives active security maintenance
• Apply input validation controls if Arm Whois is used in automated or scripted workflows
• Review endpoint protection logs for anomalous process terminations related to arm-whois.exe

Evidence notes

The CVE was published on 2026-05-30 and last modified on 2026-06-01. The NVD entry lists the vulnerability status as Deferred. The CVSS 4.0 vector indicates local attack vector (AV:L) with high availability impact (VA:H). The weakness is classified as CWE-120 (Buffer Copy without Checking Size of Input). Source references include the vendor website, a download link for the affected software, an Exploit-DB entry, and a VulnCheck advisory.

Official resources