CVE-2018-25272

CRITICAL 9.8

ELBA5 5.8.0 Remote Code Execution via Database Access

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands via the xp_cmdshell stored procedure or add backdoor users to the BEDIENER table.

CWE	CWE-326
Vendor	elba
Product	elba5
Published	Apr 22, 2026

Stay Ahead of the Next One

Get instant alerts for elba elba5

Be the first to know when new critical vulnerabilities affecting elba elba5 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Elba / ELBA5

5.8.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/45905 elba.at: https://www.elba.at vulncheck.com: https://www.vulncheck.com/advisories/elba5-remote-code-execution-via-database-access

Credits

Florian Bogner