Is there a public PoC exploit available for CVE-2018-25180?

Yes, a public proof-of-concept exploit is available for CVE-2018-25180. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2018-25180?

Within 24 hours: Inventory all Maitra 1.7.2 instances and restrict access to outmail/inmail modules to essential users only. Within 7 days: Implement Web Application Firewall (WAF) rules to detect and block SQL injection patterns in mailid parameters; review access logs for suspicious activity. Within 30 days: Evaluate migration to a patched version or alternative solution; implement database activity monitoring and conduct vulnerability assessment of dependent systems.

CVE-2018-25180

Q: What is the CVSS score of CVE-2018-25180?

CVE-2018-25180 has a CVSS 4.0 base score of 7.1 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

HIGH

SQL Injection (CWE-89)

2026-03-06 disclosure@vulncheck.com

SQLi

7.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.1 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

PoC Detected

Mar 09, 2026 - 13:35 vuln.today

Public exploit code

CVE Published

Mar 06, 2026 - 13:16 nvd

HIGH 7.1

DescriptionCVE.org

Maitra 1.7.2 contains an sql injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmail modules. Attackers can also download the SQLite database file directly from the application directory to extract sensitive mail tracking data and credentials.

AnalysisAI

Technical ContextAI

Classified as CWE-89 (SQL Injection). Maitra 1.7.2 contains an sql injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmail modules. Attackers can also download the SQLite database file directly from the application directory to extract sensitive mail tracking data and credentials.

Affected ProductsAI

Component: mailid.

RemediationAI

Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.

CVE-2018-25180 vulnerability details – vuln.today

Back