CVE-2018-25258 HIGH

CVE-2018-25258: RGui 3.5.0 Local Buffer Overflow SEH DEP Bypass

Vendor R-Project
Product RGui
Weakness CWE-434 · Unrestricted file upload
Published April 12, 2026
Last update April 13, 2026

CVSS base score

8.6/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based buffer overflow, execute a ROP chain for VirtualAlloc allocation, and achieve arbitrary code execution.

Key dates

02Disclosure timeline

April 12, 2026 CVE published
April 13, 2026 Record updated

Related vulnerabilities

04Related CVE