CVE-2018-25272 CRITICAL

CVE-2018-25272: ELBA5 5.8.0 Remote Code Execution via Database Access

Vendor Elba
Product ELBA5
Weakness CWE-326 · Weak encryption
Published April 22, 2026
Last update April 22, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM-level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands via the xp_cmdshell stored procedure or add backdoor users to the BEDIENER table.

Key dates

02 Disclosure timeline

April 22, 2026 CVE published
April 22, 2026 Record updated