Is there a public PoC exploit available for CVE-2018-25169?

Yes, a public proof-of-concept exploit is available for CVE-2018-25169. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2018-25169?

Within 24 hours: Identify all systems running AMPPS 2.7 and assess business criticality; implement network-level access controls to restrict HTTP port access to trusted sources only. Within 7 days: Evaluate upgrade to a patched AMPPS version or migrate to an alternative application server; conduct risk assessment for systems that cannot be immediately remediated. Within 30 days: Complete migration or upgrade of all affected AMPPS instances; validate remediation through penetration testing of remaining systems.

CVE-2018-25169

Q: What is the CVSS score of CVE-2018-25169?

CVE-2018-25169 has a CVSS 4.0 base score of 8.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

HIGH

Initialization of a Resource with an Insecure Default (CWE-1188)

2026-03-06 disclosure@vulncheck.com

Denial Of Service

8.7

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

8.7 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 15, 2026 - 15:22 NVD

7.5 (HIGH) 8.7 (HIGH)

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

PoC Detected

Mar 09, 2026 - 13:35 vuln.today

Public exploit code

CVE Published

Mar 06, 2026 - 13:15 nvd

HIGH 7.5

DescriptionCVE.org

AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads to exhaust server resources and cause service unavailability.

AnalysisAI

Technical ContextAI

Affected ProductsAI

AMPPS 2.7 contains a denial of service vulnerability that

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2018-25169 vulnerability details – vuln.today

Back