← back
CVE-2018-25299

Prime95 29.4b8 Local Buffer Overflow via SEH

CVSS 8.6 HIGHEPSS 0.2%CWE-120
Vexday Risk Score
41Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 8.6EPSS 0.2%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
29 Apr 2026Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject malicious payload through the optional proxy hostname field in the PrimeNet connection settings to trigger the overflow and execute system commands.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Mersenne · Prime95
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.