← back
CVE-2018-25295

ObserverIP Scan Tool 1.4.0.1 Denial of Service via IP Field

CVSS 6.9 MEDIUMEPSS 0.1%CWE-789
Vexday Risk Score
33Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 6.9EPSS 0.1%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
26 Apr 2026Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the IP input field. Attackers can paste a 2000-byte buffer of repeated characters into the IP field and trigger a search operation to cause an application crash.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected products
P10 · ObserverIP Scan Tool
public PoCs found1
cve_referencewww.exploit-db.com/exploits/45204unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://p10.secure.hostingprod.com/@site.ambientweatherstore.com/ssl/iptools/IPTools64bit.exehttps://www.ambientweather.comhttps://www.exploit-db.com/exploits/45204https://www.vulncheck.com/advisories/observerip-scan-tool-denial-of-service-via-ip-field