CVE-2018-25320 CRITICAL

CVE-2018-25320: ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution

Vendor Acl
Product ACL Analytics
Weakness CWE-94 · Code injection
Published May 17, 2026
Last update May 26, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to establish reverse shells and gain complete system control.

Key dates

02Disclosure timeline

May 17, 2026 CVE published
May 26, 2026 Record updated