CVE-2018-25159
OGNL Injection in Epross AVCON6 Enables Root Command Execution
Publication date: 2026-03-11
Last updated on: 2026-03-11
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| epross | avcon6 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1334 | An unauthorized agent can inject errors into a redundant block to deprive the system of redundancy or put the system in a degraded operating mode. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2018-25159 is a vulnerability in the Epross AVCON6 systems management platform that allows unauthenticated attackers to execute arbitrary system commands remotely. This is possible because the platform's login.action endpoint improperly handles user input in the redirect parameter, allowing attackers to inject malicious OGNL (Object-Graph Navigation Language) expressions."}, {'type': 'paragraph', 'content': 'By injecting these expressions, attackers can instantiate Java ProcessBuilder objects to run commands on the server with root privileges, effectively taking control of the system without needing to authenticate.'}, {'type': 'paragraph', 'content': 'An exploit exists that sends specially crafted HTTP requests containing these OGNL payloads, which execute commands and return their output to the attacker.'}] [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts because it allows remote attackers to execute arbitrary commands on the affected system with root privileges without any authentication.
- Attackers can take full control of the server, potentially leading to data theft, data destruction, or disruption of services.
- It can be used to install malware, create backdoors, or pivot to other systems within the network.
- Since the exploit returns command output, attackers can gather sensitive information about the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability can be detected by sending specially crafted HTTP requests to the vulnerable server's login.action endpoint with malicious OGNL payloads in the redirect parameter. These requests attempt to execute arbitrary system commands remotely."}, {'type': 'paragraph', 'content': 'A practical detection method is to use a script or command that sends such a crafted request and observes if arbitrary commands are executed and their output returned.'}, {'type': 'paragraph', 'content': "For example, a Python script (as described in Resource 1) can be used to send a request with an OGNL injection payload to the target URL and execute commands like 'id' or 'whoami' to verify if the system is vulnerable."}, {'type': 'list_item', 'content': 'Use the Python exploit script from Resource 1 with the target URL and a command to execute, e.g., `python exploit.py http://target/login.action?redirect= id`.'}, {'type': 'list_item', 'content': 'Manually craft an HTTP request to the login.action endpoint with an OGNL payload in the redirect parameter that attempts to execute a harmless command and check the response for command output.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
I don't know