Is there a public PoC exploit available for CVE-2018-25193?

Yes, a public proof-of-concept exploit is available for CVE-2018-25193. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2018-25193?

Within 24 hours: Inventory all systems running Mongoose Web Server 6.9 and assess criticality; implement network-level rate limiting on affected servers. Within 7 days: Deploy compensating controls including connection throttling, WAF rules to limit concurrent connections, and network segmentation to restrict access to Mongoose instances. Within 30 days: Evaluate alternative web server solutions or upgrade to a patched version when available; establish monitoring for suspicious connection patterns.

CVE-2018-25193

Q: What is the CVSS score of CVE-2018-25193?

CVE-2018-25193 has a CVSS 4.0 base score of 8.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

HIGH

Initialization of a Resource with an Insecure Default (CWE-1188)

2026-03-06 disclosure@vulncheck.com

Denial Of Service

8.7

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

8.7 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 15, 2026 - 15:22 NVD

7.5 (HIGH) 8.7 (HIGH)

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

PoC Detected

Mar 09, 2026 - 13:35 vuln.today

Public exploit code

CVE Published

Mar 06, 2026 - 13:16 nvd

HIGH 7.5

DescriptionCVE.org

Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service unavailability.

AnalysisAI

Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. [CVSS 7.5 HIGH]

Technical ContextAI

Affected ProductsAI

Mongoose Web Server 6.9 contains a denial of service vulnerability that

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2018-25193 vulnerability details – vuln.today

Back