CVE-2018-25193 HIGH

CVE-2018-25193: Mongoose Web Server 6.9 Denial of Service via Socket Connection

Vendor Cesanta
Product Mongoose Web Server
Weakness CWE-1188
Published March 6, 2026
Last update March 9, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service unavailability.

Key dates

02Disclosure timeline

March 6, 2026 CVE published
March 9, 2026 Record updated