CVE-2018-25031
4.3 MEDIUM
Key Information
- Vendor: Smartbear
- Status: Swagger UI
- CVE Published: 11 March 2022
Badges
- 👾 Exploit Exists
- 🔴 Public PoC
Summary
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
CVSS V3.1
- Score: 4.3
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: None
- Availability: None
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Timeline
- 👾 Exploit exists.
- Vulnerability published.
- Vulnerability reserved.
Collectors
- NVD Database
- Mitre Database
- 6 Proof of Concept(s)