{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2018-25232", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-30T10:58:26.053Z", "datePublished": "2026-03-30T11:02:23.817Z", "dateUpdated": "2026-03-30T15:59:46.180Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-30T11:02:23.817Z"}, "datePublic": "2018-11-02T00:00:00.000Z", "title": "Softros LAN Messenger 9.2 Denial of Service via Log Files Location", "descriptions": [{"lang": "en", "value": "Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field. Attackers can input a buffer of 2000 characters in the Log Files Location custom path parameter to trigger a crash when the OK button is clicked."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Validation of Specified Index, Position, or Offset in Input", "cweId": "CWE-1285", "type": "CWE"}]}], "affected": [{"vendor": "Messenger", "product": "Softros LAN Messenger", "versions": [{"version": "9.2", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/45781", "name": "ExploitDB-45781", "tags": ["exploit"]}, {"url": "https://messenger.softros.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://messenger.softros.com/downloads/", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: Softros LAN Messenger 9.2 Denial of Service via Log Files Location", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/softros-lan-messenger-denial-of-service-via-log-files-location"}], "credits": [{"lang": "en", "value": "Victor Mondrag\u00f3n", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T15:59:32.757051Z", "id": "CVE-2018-25232", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T15:59:46.180Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-25232", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T15:59:32.757051Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T15:59:40.657Z"}}], "cna": {"title": "Softros LAN Messenger 9.2 Denial of Service via Log Files Location", "credits": [{"lang": "en", "type": "finder", "value": "Victor Mondrag\u00f3n"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Messenger", "product": "Softros LAN Messenger", "versions": [{"status": "affected", "version": "9.2"}]}], "datePublic": "2018-11-02T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/45781", "name": "ExploitDB-45781", "tags": ["exploit"]}, {"url": "https://messenger.softros.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://messenger.softros.com/downloads/", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/softros-lan-messenger-denial-of-service-via-log-files-location", "name": "VulnCheck Advisory: Softros LAN Messenger 9.2 Denial of Service via Log Files Location", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field. Attackers can input a buffer of 2000 characters in the Log Files Location custom path parameter to trigger a crash when the OK button is clicked."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1285", "description": "Improper Validation of Specified Index, Position, or Offset in Input"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-30T11:02:23.817Z"}}}, "cveMetadata": {"cveId": "CVE-2018-25232", "state": "PUBLISHED", "dateUpdated": "2026-03-30T15:59:46.180Z", "dateReserved": "2026-03-30T10:58:26.053Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-30T11:02:23.817Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:softros:softros_lan_messenger:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A446C44-18E2-45C8-BEF2-B0761DD55260", "versionEndIncluding": "9.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field. Attackers can input a buffer of 2000 characters in the Log Files Location custom path parameter to trigger a crash when the OK button is clicked."}, {"lang": "es", "value": "Softros LAN Messenger 9.2 contiene una vulnerabilidad de denegaci\u00f3n de servicio que permite a atacantes locales bloquear la aplicaci\u00f3n al proporcionar una cadena excesivamente larga al campo de ubicaci\u00f3n de archivos de registro personalizados. Los atacantes pueden introducir un b\u00fafer de 2000 caracteres en el par\u00e1metro de ruta personalizada Log Files Location para provocar un bloqueo cuando se hace clic en el bot\u00f3n Aceptar."}], "id": "CVE-2018-25232", "lastModified": "2026-04-08T16:54:36.510", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-30T12:16:17.077", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://messenger.softros.com/"}, {"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://messenger.softros.com/downloads/"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/45781"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/softros-lan-messenger-denial-of-service-via-log-files-location"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1285"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.2"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Softros LAN Messenger", "source": "cna", "vendor": "Messenger"}, "product": "softros_lan_messenger", "vendor": "messenger"}], "analysis": {"en": {"generated_at": "2026-04-08T19:22:49.819866+00:00", "value": {"mitigation_remediation": ["Check the Softros website or support portal for an official patch or newer version that removes the vulnerability.", "If no patch is available, restrict local user rights so that only trusted administrators can change the Log Files Location setting.", "As a temporary workaround, avoid entering unusually long custom log file paths; use the default location or a short, reasonable path that stays within typical filesystem limits."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service (application crash)"}, "threat_synthesis": {"affected_systems": "The vulnerability is limited to Softros LAN Messenger version\u202f9.2. Users of other versions are not mentioned as affected and therefore are considered safe unless newer releases contain similar code.", "description_and_impact": "A local attacker can cause Softros LAN Messenger 9.2 to crash by entering an overly long string, up to 2000 characters, into the custom Log Files Location field. The program terminates when the OK button is pressed, resulting in a loss of service for the user. The flaw is an imprecise buffer handling error (CWE-1285).", "risk_and_exploitability": "The CVSS score of 6.8 indicates moderate severity, while the EPSS <\u202f1% suggests that exploitation in the wild is unlikely. The flaw is not listed in the CISA KEV catalog, and no automated exploits are publicly available beyond the manual demonstration on Exploit\u2011DB. The attack requires local access to the application\u2019s configuration interface, and it can be performed by any user who can launch the software and modify the log path. The resulting crash is a classic denial\u2011of\u2011service scenario. "}}}}, "created": "2026-03-30T20:55:52.417870+00:00", "updated": "2026-04-08T20:00:42.691046+00:00", "vendors": ["messenger", "messenger$PRODUCT$softros_lan_messenger"]}