{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2018-25225", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-28T11:50:18.468Z", "datePublished": "2026-03-28T11:58:17.188Z", "dateUpdated": "2026-03-30T14:07:37.759Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-28T11:58:17.188Z"}, "title": "SIPP 3.3 Stack-Based Buffer Overflow via Configuration File", "descriptions": [{"lang": "en", "value": "SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer, overwriting the return address and executing arbitrary code through return-oriented programming gadgets."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Missing Authentication for Critical Function", "cweId": "CWE-306", "type": "CWE"}]}], "affected": [{"vendor": "Sipp", "product": "SIPP", "versions": [{"version": "3.3", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.6, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/45288", "name": "ExploitDB-45288", "tags": ["exploit"]}, {"url": "http://sipp.sourceforge.net/", "name": "Official Product Homepage", "tags": ["product"]}, {"name": "VulnCheck Advisory: SIPP 3.3 Stack-Based Buffer Overflow via Configuration File", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/sipp-stack-based-buffer-overflow-via-configuration-file"}], "credits": [{"lang": "en", "value": "Juan Sacco <jsacco@exploitpack.com> - http://exploitpack.com", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2018-08-29T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T14:06:46.562498Z", "id": "CVE-2018-25225", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T14:07:37.759Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-25225", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-30T14:06:46.562498Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T14:07:27.327Z"}}], "cna": {"title": "SIPP 3.3 Stack-Based Buffer Overflow via Configuration File", "credits": [{"lang": "en", "type": "finder", "value": "Juan Sacco <jsacco@exploitpack.com> - http://exploitpack.com"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Sipp", "product": "SIPP", "versions": [{"status": "affected", "version": "3.3"}]}], "datePublic": "2018-08-29T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/45288", "name": "ExploitDB-45288", "tags": ["exploit"]}, {"url": "http://sipp.sourceforge.net/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/sipp-stack-based-buffer-overflow-via-configuration-file", "name": "VulnCheck Advisory: SIPP 3.3 Stack-Based Buffer Overflow via Configuration File", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer, overwriting the return address and executing arbitrary code through return-oriented programming gadgets."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-28T11:58:17.188Z"}}}, "cveMetadata": {"cveId": "CVE-2018-25225", "state": "PUBLISHED", "dateUpdated": "2026-03-30T14:07:37.759Z", "dateReserved": "2026-03-28T11:50:18.468Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-28T11:58:17.188Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer, overwriting the return address and executing arbitrary code through return-oriented programming gadgets."}], "id": "CVE-2018-25225", "lastModified": "2026-03-30T13:26:07.647", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-28T12:16:03.560", "references": [{"source": "disclosure@vulncheck.com", "url": "http://sipp.sourceforge.net/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/45288"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/sipp-stack-based-buffer-overflow-via-configuration-file"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.3"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "SIPP", "source": "cna", "vendor": "Sipp"}, "product": "sipp", "vendor": "sipp"}], "analysis": {"en": {"generated_at": "2026-03-28T13:21:13.039640+00:00", "value": {"mitigation_remediation": ["Upgrade SIPP to the latest released version that contains the fix.", "Restrict write permissions on the configuration file or relocate it to a protected directory.", "Ensure the application does not run with elevated privileges or as a system user.", "Monitor system logs for anomalous execution of SIPP or unexpected configuration changes.", "Apply any vendor\u2011released patches once they are available."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is SIPP, an open\u2011source SIP traffic generator and testing tool. The vulnerability exists only in version 3.3. No other versions are listed in the CNA data. The vendor is referred to as Sipp.", "description_and_impact": "SIPP version 3.3 implements a stack\u2011based buffer overflow in its configuration file parser. A local, unauthenticated attacker can create a configuration file with oversized fields. When SIPP loads the file, the oversized values overflow the stack buffer, overwriting the return address and allowing the attacker to control program execution using return\u2011oriented programming gadgets. Because the vulnerability permits arbitrary code execution, it can compromise the host or the user executing the application.", "risk_and_exploitability": "The CVSS score of 8.6 classifies this issue as high severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. The attack requires local access to the system where SIPP runs; the attacker must be able to place a malicious configuration file that the application will subsequently read. Because the flaw allows arbitrary code execution, the potential damage is complete takeover while the vulnerability remains open. The likelihood of exploitation depends on the prevalence of SIPP 3.3 deployments, but no public exploit has been observed beyond the proof of concept in the references."}}}}, "created": "2026-03-29T20:32:13.635338+00:00", "updated": "2026-03-30T06:59:07.392052+00:00", "vendors": ["sipp", "sipp$PRODUCT$sipp"]}