CVE-2018-25159

Epross AVCON6 systems management platform contains an object-graph navigation language (OGNL) injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. Attackers can send crafted requests to the login.action endpoint with OGNL payloads in the redirect parameter to instantiate ProcessBuilder objects and execute system commands with root privileges.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.exploit-db.com/exploits/47379
https://www.vulncheck.com/advisories/epross-avcon6-ognl-remote-code-execution-via-login-action

Configurations

No configuration.

History

15 Apr 2026, 14:56

Type	Values Removed	Values Added
Summary		(es) La plataforma de gestión de sistemas Epross AVCON6 contiene una vulnerabilidad de inyección de lenguaje de navegación de grafos de objetos (OGNL) que permite a atacantes no autenticados ejecutar comandos arbitrarios inyectando expresiones OGNL maliciosas. Los atacantes pueden enviar solicitudes manipuladas al endpoint login.action con cargas útiles OGNL en el parámetro redirect para instanciar objetos ProcessBuilder y ejecutar comandos del sistema con privilegios de root.

11 Mar 2026, 22:16

Type	Values Removed	Values Added
References	~~{'url': 'https://www.vulncheck.com/advisories/epross-avcon-ognl-remote-code-execution-via-loginaction', 'source': 'disclosure@vulncheck.com'}~~	() https://www.vulncheck.com/advisories/epross-avcon6-ognl-remote-code-execution-via-login-action -

11 Mar 2026, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-11 19:15

Updated : 2026-04-15 14:56

NVD link : CVE-2018-25159

Mitre link : CVE-2018-25159

CVE.ORG link : CVE-2018-25159

JSON object : View

Products Affected

No product.

CWE

CWE-1334

Unauthorized Error Injection Can Degrade Hardware Redundancy

{"id": "CVE-2018-25159", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-11T19:15:59.020", "references": [{"url": "https://www.exploit-db.com/exploits/47379", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/epross-avcon6-ognl-remote-code-execution-via-login-action", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-1334"}]}], "descriptions": [{"lang": "en", "value": "Epross AVCON6 systems management platform contains an object-graph navigation language (OGNL) injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. Attackers can send crafted requests to the login.action endpoint with OGNL payloads in the redirect parameter to instantiate ProcessBuilder objects and execute system commands with root privileges."}, {"lang": "es", "value": "La plataforma de gesti\u00f3n de sistemas Epross AVCON6 contiene una vulnerabilidad de inyecci\u00f3n de lenguaje de navegaci\u00f3n de grafos de objetos (OGNL) que permite a atacantes no autenticados ejecutar comandos arbitrarios inyectando expresiones OGNL maliciosas. Los atacantes pueden enviar solicitudes manipuladas al endpoint login.action con cargas \u00fatiles OGNL en el par\u00e1metro redirect para instanciar objetos ProcessBuilder y ejecutar comandos del sistema con privilegios de root."}], "lastModified": "2026-04-15T14:56:45.970", "sourceIdentifier": "disclosure@vulncheck.com"}