{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2018-25221", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-28T11:47:06.776Z", "datePublished": "2026-03-28T11:58:13.951Z", "dateUpdated": "2026-03-30T15:52:11.654Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-28T11:58:13.951Z"}, "title": "EChat Server 3.1 Buffer Overflow via chat.ghp username Parameter", "descriptions": [{"lang": "en", "value": "EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets to achieve code execution in the application context."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "Echatserver", "product": "EChat Server", "versions": [{"version": "3.1", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/44155", "name": "ExploitDB-44155", "tags": ["exploit"]}, {"name": "VulnCheck Advisory: EChat Server 3.1 Buffer Overflow via chat.ghp username Parameter", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/echat-server-buffer-overflow-via-chat-ghp-username-parameter"}], "credits": [{"lang": "en", "value": "Juan Sacco <jsacco@exploitpack.com>", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2018-02-21T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T15:52:00.583702Z", "id": "CVE-2018-25221", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T15:52:11.654Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-25221", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-30T15:52:00.583702Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T15:52:07.128Z"}}], "cna": {"title": "EChat Server 3.1 Buffer Overflow via chat.ghp username Parameter", "credits": [{"lang": "en", "type": "finder", "value": "Juan Sacco <jsacco@exploitpack.com>"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Echatserver", "product": "EChat Server", "versions": [{"status": "affected", "version": "3.1"}]}], "datePublic": "2018-02-21T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/44155", "name": "ExploitDB-44155", "tags": ["exploit"]}, {"url": "https://www.vulncheck.com/advisories/echat-server-buffer-overflow-via-chat-ghp-username-parameter", "name": "VulnCheck Advisory: EChat Server 3.1 Buffer Overflow via chat.ghp username Parameter", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets to achieve code execution in the application context."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-28T11:58:13.951Z"}}}, "cveMetadata": {"cveId": "CVE-2018-25221", "state": "PUBLISHED", "dateUpdated": "2026-03-30T15:52:11.654Z", "dateReserved": "2026-03-28T11:47:06.776Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-28T11:58:13.951Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets to achieve code execution in the application context."}], "id": "CVE-2018-25221", "lastModified": "2026-03-30T13:26:07.647", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-28T12:16:02.793", "references": [{"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/44155"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/echat-server-buffer-overflow-via-chat-ghp-username-parameter"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "echat_server", "vendor": "echatserver"}], "analysis": {"en": {"generated_at": "2026-03-28T13:22:20.764710+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2019s security patch or upgrade the EChat Server to the latest release that eliminates the buffer overflow.", "Enforce strict validation or length limits on the username field at the application or web\u2011server level to prevent excessive input.", "Deploy a web application firewall or similar filtering rule to block unusually long or malformed GET requests to the chat.ghp endpoint.", "Continuously monitor web server logs for suspicious chat.ghp requests and investigate any anomalous activity."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability impacts the EChat Server product, version 3.1, distributed by the vendor EChatServer. Any deployment running this exact version is affected. Version information for minor builds is not provided, so additional verification is required for other releases.", "description_and_impact": "A buffer overflow exists in the chat.ghp endpoint of EChat Server 3.1, triggered by supplying an oversized username parameter. An attacker can embed shellcode and ROP gadgets within this parameter, which, when processed by the application, results in the execution of arbitrary code in the server\u2019s context. The flaw falls under CWE\u2011787 and allows a remote user to take full control of the affected system.", "risk_and_exploitability": "The CVSS score of 9.3 denotes a critical level of risk, with a very high likelihood that attackers could exploit the flaw. The EPSS score is not available, but the high CVSS indicates serious potential damage. The vulnerability is not yet listed in the CISA KEV catalog, suggesting no confirmed widespread exploitation has occurred. Attackers would remotely send a crafted GET request to the chat.ghp endpoint from outside the network, with the malicious username payload, to achieve code execution."}}}}, "created": "2026-03-29T20:32:17.223644+00:00", "updated": "2026-03-30T06:59:10.992788+00:00", "vendors": ["echatserver", "echatserver$PRODUCT$echat_server"]}