CVE-2018-25293 is a buffer overflow vulnerability found in Prime95 version 29.4b7. This specific vulnerability allows local attackers to crash the application by supplying an excessively long string in the optional proxy password field. By entering a payload of 6000 bytes, attackers can trigger a denial of service condition when the application attempts to process the connection settings.
The vulnerability has a CVSS score of 6.9, classified as medium severity, indicating that it poses a risk to availability without requiring authentication or user interaction to exploit. The attack vector is local, and the attack complexity is low, meaning that local threat actors can easily exploit this vulnerability.
Given that the application can crash when this vulnerability is exploited, organizations utilizing Prime95 should take immediate action to mitigate this risk. The urgency for defenders is high as the potential impact includes significant disruptions in service availability.
As of now, there are no known public exploits for this vulnerability, and it has not been included in the Known Exploited Vulnerabilities (KEV) catalog. However, organizations should remain vigilant and prepare for potential future exploits.
Vulnerability Details
The official description of this vulnerability states that Prime95 29.4b7 contains a buffer overflow vulnerability in the PrimeNet connection dialog. The issue arises when an excessively long string is supplied in the optional proxy password field. This buffer overflow allows local attackers to crash the application, leading to a denial of service.
The CVSS version 4.0 score is 6.9, indicating medium severity, with a high impact on availability. The vulnerability is classified under CWE-120, which refers to buffer errors.
Technical Analysis
The root cause of this vulnerability is a failure to properly validate the length of user input in the proxy password field of the PrimeNet connection dialog. This oversight allows for a buffer overflow to occur.
The attack vector is classified as local, meaning an attacker must have access to the system. The attack complexity is low, suggesting that no special conditions need to be met for the attack to succeed. No privileges are required, and user interaction is not necessary.
The availability impact is high, as the application will crash upon processing the malicious input. However, there is no confidentiality or integrity impact associated with this vulnerability.
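The root cause described above, an unchecked copy of dialog input into a fixed-size buffer, is shown here next to a length-validated form. This is an added example, not Prime95's code: the struct, the function names and the 80-byte field size are assumptions, and the 6000-byte input is constructed to match the payload size the advisory mentions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Assumption: the size and every name below are hypothetical, not Prime95's. */
#define PROXY_PASSWORD_MAX 80
struct proxy_settings {
    char password[PROXY_PASSWORD_MAX + 1]; /* fixed-size destination */
    int  saved;                            /* neighbour an overflow would clobber */
};
enum set_result { SET_OK = 0, SET_NULL_INPUT = -1, SET_TOO_LONG = -2 };

/* Unsafe pattern (CWE-120): copies up to the NUL regardless of destination
 * size. Kept for contrast only and never called in this example. */
void set_proxy_password_unchecked(struct proxy_settings *s, const char *input)
{
    strcpy(s->password, input);
}

/* Hardened form: find the terminator within the space available, reject
 * anything longer, and leave the settings untouched on rejection. */
enum set_result set_proxy_password(struct proxy_settings *s, const char *input)
{
    if (s == NULL || input == NULL)
        return SET_NULL_INPUT;
    const char *nul = memchr(input, '\0', PROXY_PASSWORD_MAX + 1);
    if (nul == NULL)
        return SET_TOO_LONG;               /* e.g. the 6000-byte string */
    memcpy(s->password, input, (size_t)(nul - input) + 1); /* copies the NUL too */
    s->saved = 1;
    return SET_OK;
}

/* Constructed input: n bytes of 'A' (capped at 6000) passed to the setter. */
enum set_result try_length(struct proxy_settings *s, size_t n)
{
    static char input[6001];
    if (n > 6000) n = 6000;
    memset(input, 'A', n);
    input[n] = '\0';
    return set_proxy_password(s, input);
}

int main(void)
{
    struct proxy_settings s = {0};
    printf("6000 bytes -> %d\n", try_length(&s, 6000));
    printf("%d bytes -> %d\n", PROXY_PASSWORD_MAX, try_length(&s, PROXY_PASSWORD_MAX));
    return 0;
}
```

Rejecting the overlong value, rather than silently truncating it, keeps a stored password from differing from what the user typed.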
Risk & Impact Analysis
The real-world risk associated with CVE-2018-25293 primarily revolves around the availability of the Prime95 application. Attackers may leverage this vulnerability to disrupt operations by causing unexpected crashes.
The blast radius for this vulnerability is confined to systems running the affected version of Prime95. Organizations that rely on this application for computational tasks should assess the potential impact of downtime and prioritize remediation efforts.
Organizations should address this vulnerability in their priority patch cycle. Given the medium severity rating, it is crucial to implement a fix promptly to maintain operational integrity.
Exploitation Status
| Signal | Status |
|---|---|
| Known Exploit | No |
| Public PoC | No |
| Actively Exploited | No |
| Ransomware Use | No |
Affected Versions
All versions prior to vendor patch.
Mitigation & Remediation
Organizations should apply the latest patches for Prime95 to remediate this vulnerability. If a patch is not available, consider implementing input validation measures to limit the length of input in the proxy password field.
For more comprehensive security, organizations may benefit from engaging in penetration testing to identify and address vulnerabilities proactively.
Detection Guidance
To detect potential exploitation attempts, organizations should monitor application logs for unusual errors related to the PrimeNet connection dialog. Additionally, reviewing logs for repeated crashes can indicate exploit attempts.
AppSecure Threat Intelligence Insight
From a threat intelligence perspective, the buffer overflow vulnerability in Prime95 illustrates the ongoing challenges in software security, particularly in applications with local attack vectors. Security teams should be aware of vulnerabilities in commonly used applications such as Prime95 and ensure they are included in regular security assessments.
For organizations looking to strengthen their security posture, investing in a comprehensive application security assessment can help identify critical weaknesses before they can be exploited.
Moreover, organizations may consider adopting a continuous penetration testing strategy to ensure ongoing vigilance against potential vulnerabilities and threats.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
