Buffer Overflow Vulnerability in Prime95 by Mersenne
CVE-2018-25293

6.9MEDIUM

Key Information:

Vendor

Mersenne

Status
Prime95
Vendor
CVE Published:
26 April 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2018-25293?

Prime95 version 29.4b7 has a critical buffer overflow vulnerability in the PrimeNet connection dialog. This flaw allows local attackers to crash the application by supplying an excessively long string (up to 6000 bytes) in the optional proxy password field. Upon entering such a payload, the application fails to process the connection settings correctly, leading to a denial of service.

Affected Version(s)

Prime95 29.4b7

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2018-25293 - Proof of Concept

References

https://www.exploit-db.com/exploits/45226
exploit
http://www.mersenne.org
product
http://www.mersenne.org/ftp_root/gimps/p95v294b7.win32.zip
product

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Gionathan "John" Reale
.