CVE-2018-25328

HIGH 8.4

VX Search 10.6.18 Local Buffer Overflow via Directory Field

CVSS Score

8.4

EPSS Score

0.0%

EPSS Percentile

0th

VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can craft a malicious input file containing 271 bytes of junk data followed by a return address to execute arbitrary code with application privileges.

CWE	CWE-120
Vendor	vxsearch
Product	vx search
Published	May 17, 2026
Last Updated	May 18, 2026

Stay Ahead of the Next One

Get instant alerts for vxsearch vx search

Be the first to know when new high vulnerabilities affecting vxsearch vx search are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

vxsearch / VX Search

10.6.18

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/44494 7elements.co.uk: https://www.7elements.co.uk vxsearch.com: http://www.vxsearch.com vulncheck.com: https://www.vulncheck.com/advisories/vx-search-local-buffer-overflow-via-directory-field

Credits

Kevin McGuigan