PatchSiren cyber security CVE debrief
CVE-2018-25320 Unknown Vendor CVE debrief
CVE-2018-25320 is an arbitrary code execution issue reported in ACL Analytics versions 11.x through 13.0.0.579. The NVD record and supplied advisory material indicate the EXECUTE function can be abused to run attacker-controlled commands, and the CVSS vector reflects network-reachable, unauthenticated, no-user-interaction risk with high impact to confidentiality, integrity, and availability. Because public references include an Exploit-DB entry, defenders should treat exposed or widely deployed instances as high priority.
- Vendor: Unknown Vendor
- Product: Unknown
- CVSS: CRITICAL 9.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-17
- Original CVE updated: 2026-05-18
- Advisory published: 2026-05-17
- Advisory updated: 2026-05-18
Who should care
Security, endpoint, and application owners responsible for ACL Analytics deployments; SOC teams monitoring Windows command execution; IT teams managing analytics software on systems that may have elevated privileges.
Technical summary
The vulnerability is classified as CWE-94 (code injection). According to the supplied source data, ACL Analytics 11.x through 13.0.0.579 can be driven into arbitrary command execution through the EXECUTE function. The NVD CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required, and no user interaction, with high impact to confidentiality, integrity, and availability. The source corpus also links to a vendor domain, a product page for ACL Analytics, a VulnCheck advisory, and an Exploit-DB reference, supporting the conclusion that the issue is publicly known and operationally serious.
Defensive priority
Critical. If ACL Analytics is deployed in your environment, inventory affected versions immediately and prioritize containment or remediation before routine maintenance work.
Recommended defensive actions
- Identify all ACL Analytics installations and confirm whether any system is running version 11.x through 13.0.0.579.
- Treat exposed instances as high risk and restrict network access to the application until remediation is complete.
- Apply the vendor or advisory guidance referenced in the supplied sources, and upgrade or replace affected versions where a fixed release is available.
- Review whether the EXECUTE function is required in your environment; if business processes allow, limit or disable its use.
- Monitor host telemetry for suspicious command execution, script launch activity, and unexpected child processes associated with ACL Analytics.
- Investigate any signs of outbound connections, unusual downloads, or privilege-abusing behavior on affected hosts.
- Validate adjacent administrative controls such as least privilege and application allowlisting on systems running ACL Analytics.
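One way to carry out the inventory step above is to triage a software-inventory export against the stated range of 11.x through 13.0.0.579. This is an added example, not code from the advisory or the vendor; the CSV layout, host names, sample versions and the "ACL Analytics" product string are constructed assumptions.

```python
import csv
import io
import re

# Affected range as stated on this page: 11.x through 13.0.0.579, inclusive.
AFFECTED_MIN = (11, 0, 0, 0)
AFFECTED_MAX = (13, 0, 0, 579)

# Constructed sample export; hosts, versions and the "ACL Analytics" product
# string are assumptions about how an inventory tool reports the install.
SAMPLE_INVENTORY = """host,product,version
fin-ws-01,ACL Analytics,10.5.0.201
fin-ws-02,ACL Analytics,11.0.0.1
fin-ws-03,ACL Analytics,13.0.0.579
fin-ws-04,ACL Analytics,13.0.0.580
fin-ws-05,ACL Analytics,13.0.0
fin-ws-06,ACL Analytics,v13-beta
fin-ws-07,Other Tool,12.0.0.1
"""


def parse_version(text):
    """Return a 4-part int tuple, or None if text is not a dotted version."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text):
        return None
    parts = [int(p) for p in text.split(".")]
    # Pad truncated versions with zeros: the lowest build they could mean,
    # so an ambiguous "13.0.0" is flagged rather than silently passed.
    return tuple(parts + [0] * (4 - len(parts)))


def classify(version_text):
    """Classify one reported version against the stated affected range."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # unparseable: route to manual review, never "safe"
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "affected"
    return "outside-range"  # the page names no fixed release, so not "fixed"


def triage(csv_text):
    """Group ACL Analytics hosts by classification."""
    groups = {"affected": [], "outside-range": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["product"].strip().lower() == "acl analytics":
            groups[classify(row["version"])].append(row["host"])
    return groups
```

Hosts in the "unknown" group need a manual version check before they are cleared, and "outside-range" only means the version is not in the range this page states.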
Evidence notes
The conclusion is based only on the supplied NVD record and the referenced ACL/VulnCheck resources. The NVD entry identifies CVE-2018-25320 as received/modified in the provided source snapshot and assigns CWE-94 with a high-severity CVSS vector. The source corpus explicitly states affected ACL Analytics versions 11.x through 13.0.0.579 and describes arbitrary code execution via the EXECUTE function. An Exploit-DB reference is present in the supplied links, but no exploit details are reproduced here.
Official resources
Public references in the supplied corpus include the ACL website, the ACL Analytics product page, a VulnCheck advisory, and an Exploit-DB entry. The NVD record in the source snapshot was modified on the provided date; this debrief does not use