CVE-2018-25215

Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long string to the 'E-Mail and Registrations Code' field. Attackers can paste a crafted payload containing 5000 bytes of data into the registration field to trigger a crash when the Register button is clicked.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.exploit-db.com/exploits/46003	Exploit VDB Entry
https://www.recoverlostpassword.com/	Product
https://www.vulncheck.com/advisories/excel-password-recovery-professional-local-buffer-overflow-dos	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:passfab:excel_password_recovery:8.2.0.0:*:*:*:*:*:*:*

History

31 Mar 2026, 15:17

Type	Values Removed	Values Added
CPE		cpe:2.3:a:passfab:excel_password_recovery:8.2.0.0:::::::*
First Time		Passfab excel Password Recovery Passfab
Summary		(es) Excel Password Recovery Professional 8.2.0.0 contiene una vulnerabilidad local de desbordamiento de búfer que permite a los atacantes causar una denegación de servicio al proporcionar una cadena excesivamente larga al campo 'E-Mail and Registrations Code'. Los atacantes pueden pegar una carga útil diseñada que contiene 5000 bytes de datos en el campo de registro para desencadenar un fallo cuando se hace clic en el botón 'Register'.
References	~~() https://www.exploit-db.com/exploits/46003 -~~	() https://www.exploit-db.com/exploits/46003 - Exploit, VDB Entry
References	~~() https://www.recoverlostpassword.com/ -~~	() https://www.recoverlostpassword.com/ - Product
References	~~() https://www.vulncheck.com/advisories/excel-password-recovery-professional-local-buffer-overflow-dos -~~	() https://www.vulncheck.com/advisories/excel-password-recovery-professional-local-buffer-overflow-dos - Third Party Advisory

26 Mar 2026, 14:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-26 14:16

Updated : 2026-03-31 15:17

NVD link : CVE-2018-25215

Mitre link : CVE-2018-25215

CVE.ORG link : CVE-2018-25215

JSON object : View

Products Affected

passfab

excel_password_recovery

CWE

CWE-787

Out-of-bounds Write

5.5 /10