{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2018-25159", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-02-22T14:41:38.776Z", "datePublished": "2026-03-11T18:23:07.407Z", "dateUpdated": "2026-04-07T14:03:50.611Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-07T14:03:50.611Z" }, "title": "Epross AVCON6 OGNL Remote Code Execution via login.action", "problemTypes": [ { "descriptions": [ { "lang": "en", "cweId": "CWE-1334", "description": "CWE-1334 Unauthorized Error Injection Can Degrade Hardware Redundancy", "type": "CWE" } ] } ], "affected": [ { "vendor": "Epross", "product": "AVCON6 systems management platform", "versions": [ { "status": "affected", "version": "*" } ], "defaultStatus": "unaffected" } ], "descriptions": [ { "lang": "en", "value": "Epross AVCON6 systems management platform contains an object-graph navigation language (OGNL) injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. Attackers can send crafted requests to the login.action endpoint with OGNL payloads in the redirect parameter to instantiate ProcessBuilder objects and execute system commands with root privileges.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "
Epross AVCON6 systems management platform contains an object-graph navigation language (OGNL) injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. Attackers can send crafted requests to the login.action endpoint with OGNL payloads in the redirect parameter to instantiate ProcessBuilder objects and execute system commands with root privileges.
" } ] } ], "references": [ { "url": "https://www.exploit-db.com/exploits/47379", "name": "ExploitDB-47379", "tags": [ "exploit" ] }, { "url": "https://www.vulncheck.com/advisories/epross-avcon6-ognl-remote-code-execution-via-login-action", "name": "VulnCheck Advisory: Epross AVCON6 OGNL Remote Code Execution via login.action", "tags": [ "third-party-advisory" ] } ], "metrics": [ { "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ], "cvssV4_0": { "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "CRITICAL", "baseScore": 9.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" } }, { "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ], "cvssV3_1": { "version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "CRITICAL", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } } ], "credits": [ { "lang": "en", "value": "Nassim Asrir", "type": "finder" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "vulncheck" }, "datePublic": "2019-09-11T00:00:00.000Z" }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "id": "CVE-2018-25159", "role": "CISA Coordinator", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "version": "2.0.3", "timestamp": "2026-03-11T18:44:37.423005Z" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T19:31:04.055Z" } } ] } }