
CVE-2018-25285: Medium Vulnerability in Fathom 2.4

Fathom 2.4 has a buffer overflow vulnerability that can be exploited by local attackers to crash the application. This medium-severity issue requires immediate attention to prevent potential denial of service conditions.

MEDIUM · CVSS 6.8 · Published April 26, 2026


Fathom 2.4 contains a buffer overflow vulnerability in the Authorization Code field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 6000-byte payload into the Authorization Code field and click Activate to trigger a denial of service condition. This vulnerability has a CVSS score of 6.8, classifying it as medium severity.

Risk to organizations includes potential service interruptions, as the vulnerability allows local users to crash the application. Given the nature of the flaw, organizations should prioritize patching immediately to mitigate the risks associated with this vulnerability.

Currently, there is no known exploit available for CVE-2018-25285, but the potential for local attackers to leverage this vulnerability exists, necessitating a proactive approach to security.

Organizations should continuously monitor for updates regarding this vulnerability, and ensure they have appropriate remediation strategies in place.

Vulnerability Details

The vulnerability allows local attackers to crash the application through a buffer overflow in the Authorization Code field. The CVSS score of 6.8 indicates a medium severity, with a high availability impact. The affected version is Fathom 2.4, and the vulnerability was published on April 26, 2026.

Technical Analysis

The root cause of this vulnerability is a buffer overflow resulting from insufficient validation of input length in the Authorization Code field. The attack vector is local, requiring no privileges, and involves low complexity as attackers can trigger the flaw by simply submitting a long string.

The attack requires only passive user interaction: once the payload has been submitted to the field, no further steps from the user are needed to trigger it. The vulnerability has a high availability impact, as it can crash the application and cause service interruptions.

Risk & Impact Analysis

Organizations that deploy Fathom 2.4 should be aware of the potential risks associated with this vulnerability. The blast radius could significantly affect users relying on the application, as the denial of service condition may disrupt operations.

Organizations should assess the urgency of addressing this vulnerability based on their operational requirements and the potential impact of service disruptions. Given the medium CVSS score, organizations should address this in their priority patch cycle.

Signal / Status

Known Exploit: No
Public PoC: No
Actively Exploited: No
Ransomware Use: No

Affected Versions

The affected version is Fathom 2.4. Where the vendor has not published more precise version information, treat all versions prior to the vendor patch as affected.

Mitigation & Remediation

To mitigate this vulnerability, organizations should apply the latest patches for Fathom. If a patch is not available, consider implementing workarounds such as input validation to restrict the size of the Authorization Code field.
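The workaround named above, restricting the size of the Authorization Code field before it is copied anywhere, is shown below as an added example. This is illustrative code written for this page, not Fathom's own source (which is not available here): the 64-character limit, the function names `store_auth_code` and `make_oversized_code`, and the sample code strings are all assumptions. It contrasts the unbounded-copy pattern that produces this class of crash with a bounded check that rejects oversized input, and it exercises the check with a constructed input of the 6000-byte size the advisory mentions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed maximum accepted length for the field. The real Fathom limit is not
 * given on the page; 64 is chosen only for illustration. */
#define AUTH_CODE_MAX 64

/* Constructed test data: a string of `len` bytes, used to stand in for the
 * oversized input described in the advisory. The caller frees the result. */
char *make_oversized_code(size_t len) {
    char *buf = malloc(len + 1);
    if (buf == NULL) {
        return NULL;
    }
    memset(buf, 'A', len);
    buf[len] = '\0';
    return buf;
}

/* Hardened handling of the Authorization Code field.
 *
 * The vulnerable pattern this replaces is an unbounded copy such as
 *     strcpy(dest, src);
 * into a fixed-size buffer, which an input longer than the buffer overruns.
 * Here the length is established with a bounded scan before any byte is
 * copied, and oversized input is rejected outright rather than silently
 * truncated (truncation would quietly accept a code the user never entered). */
bool store_auth_code(char dest[AUTH_CODE_MAX + 1], const char *src) {
    if (src == NULL) {
        return false;
    }
    /* Search for the terminator only within the first AUTH_CODE_MAX + 1 bytes,
     * so the scan itself never depends on an attacker-controlled length. */
    const char *nul = memchr(src, '\0', AUTH_CODE_MAX + 1);
    if (nul == NULL) {
        return false; /* longer than AUTH_CODE_MAX: reject */
    }
    size_t len = (size_t)(nul - src);
    memcpy(dest, src, len + 1); /* includes the terminator; fits by construction */
    return true;
}

int main(void) {
    char field[AUTH_CODE_MAX + 1];

    /* Normal-length code (constructed sample) is accepted and stored intact. */
    if (store_auth_code(field, "ABCD-1234-EFGH")) {
        printf("accepted: %s\n", field);
    }

    /* Input of the size named in the advisory is rejected before any copy. */
    char *big = make_oversized_code(6000);
    if (big != NULL && !store_auth_code(field, big)) {
        printf("rejected: %zu-byte input exceeds %d\n", strlen(big), AUTH_CODE_MAX);
    }
    free(big);
    return 0;
}
```

The check is placed at the point where untrusted text first enters a fixed-size buffer, which is where the advisory locates the missing validation; a UI-level maximum length on the input control is a useful second layer but is not a substitute, since the backing code is what has to stay correct for any input it receives.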

Organizations may also want to implement network controls to limit the ability of local users to exploit this vulnerability. Regular monitoring and logging should be established to detect unusual activity related to this vulnerability.


Detection Guidance

To detect potential exploitation of this vulnerability, organizations should monitor application logs for any anomalies related to the Authorization Code field. Behavioral anomalies, such as unexpected crashes or service interruptions, should also be investigated.

Additionally, network signatures that identify unusual payload sizes in requests to the application can help in detection.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in its representation of how even minor oversights in input validation can lead to serious operational impacts. This vulnerability highlights the importance of rigorous testing and validation in application security.

Organizations should learn from this incident to strengthen their security posture and incorporate robust security practices throughout the software development lifecycle.


Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
