CVE-2018-25193

Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service unavailability.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.exploit-db.com/exploits/45819
https://www.vulncheck.com/advisories/mongoose-web-server-denial-of-service-via-socket-connection

Configurations

No configuration.

History

15 Apr 2026, 14:53

Type	Values Removed	Values Added
Summary		(es) Mongoose Servidor Web 6.9 contiene una vulnerabilidad de denegación de servicio que permite a atacantes remotos colapsar el servicio estableciendo múltiples conexiones de socket. Los atacantes pueden crear repetidamente conexiones al puerto predeterminado y enviar datos malformados para agotar los recursos del servidor y causar la indisponibilidad del servicio.

06 Mar 2026, 13:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-06 13:16

Updated : 2026-04-15 14:53

NVD link : CVE-2018-25193

Mitre link : CVE-2018-25193

CVE.ORG link : CVE-2018-25193

JSON object : View

Products Affected

No product.

CWE

CWE-1188

Insecure Default Initialization of Resource

{"id": "CVE-2018-25193", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-06T13:16:02.347", "references": [{"url": "https://www.exploit-db.com/exploits/45819", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/mongoose-web-server-denial-of-service-via-socket-connection", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-1188"}]}], "descriptions": [{"lang": "en", "value": "Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service unavailability."}, {"lang": "es", "value": "Mongoose Servidor Web 6.9 contiene una vulnerabilidad de denegaci\u00f3n de servicio que permite a atacantes remotos colapsar el servicio estableciendo m\u00faltiples conexiones de socket. Los atacantes pueden crear repetidamente conexiones al puerto predeterminado y enviar datos malformados para agotar los recursos del servidor y causar la indisponibilidad del servicio."}], "lastModified": "2026-04-15T14:53:58.147", "sourceIdentifier": "disclosure@vulncheck.com"}