WhisperX tag archive

#CVE-2018-25223

This page collects WhisperX intelligence signals tagged #CVE-2018-25223. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (2)

The Lab · 2026-03-29 21:27:03 · GitHub Issues

1. Crashmail 1.6 Critical RCE Flaw (CVE-2018-25223): Unpatched Stack Overflow Threatens Systems

A critical, unpatched vulnerability in the Crashmail 1.6 software presents a direct path for remote attackers to seize control of affected systems. Designated CVE-2018-25223, this flaw carries a maximum severity CVSS score of 9.8, indicating a trivial attack vector with no required privileges that can lead to full syst...

The Lab · 2026-03-31 01:27:09 · GitHub Issues

2. Crashmail 1.6 High-Severity Vulnerability CVE-2018-25223 Disclosed: Remote Code Execution Risk, CVSS Score of 9.8

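A mail application named Crashmail has been found to contain a serious security vulnerability that allows attackers to execute arbitrary code remotely without any privileges. The vulnerability is tracked as CVE-2018-25223, and its Common Vulnerability Scoring System (CVSS) score is 9.8, which falls in the highest "Critical" risk level. The GitHub Security Advisory (GHSA) likewise classifies it as "Critical" and confirms that the core issue is a CWE-787 "out-of-bounds write" vulnerability. Specifically, Crashmail version 1.6 contains a stack-based buffer overflow. A remote attacker can trigger it by sending maliciously crafted input to the application. By exploiting the vulnerability, an attacker can build a payload containing a ROP chain and thereby execute arbitrary code in the context of the application. Even a failed exploitation attempt may crash the application and cause a denial of service. This vulnerability...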