CVE-2018-25299
Prime95 29.4b8 Local Buffer Overflow via SEH
Vexday Risk Score
41Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 8.6EPSS 0.2%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Lifecycle
29 Apr 2026Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject malicious payload through the optional proxy hostname field in the PrimeNet connection settings to trigger the overflow and execute system commands.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Mersenne · Prime95public PoCs found — 1
cve_referencewww.exploit-db.com/exploits/44649unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.