CVE-2018-25268 HIGH

CVE-2018-25268: LanSpy 2.0.1.159 Local Buffer Overflow via Scan Field

Vendor: Lizardsystems
Product: LanSpy
Weakness: CWE-787
Published: April 22, 2026
Last update: April 22, 2026

CVSS base score

8.6/10
Attack vector: Local
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying oversized input to the scan field. Attackers can craft a payload with 688 bytes of padding followed by 4 bytes of controlled data to crash the application or potentially achieve code execution.

Key dates

02 Disclosure timeline

April 22, 2026: CVE published
April 22, 2026: Record updated