CVE-2018-25159
Received Received - Intake
OGNL Injection in Epross AVCON6 Enables Root Command Execution

Publication date: 2026-03-11

Last updated on: 2026-03-11

Assigner: VulnCheck

Description
Epross AVCON6 systems management platform contains an object-graph navigation language (OGNL) injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. Attackers can send crafted requests to the login.action endpoint with OGNL payloads in the redirect parameter to instantiate ProcessBuilder objects and execute system commands with root privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-11
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2026-03-11
EPSS Evaluated
2026-06-14
NVD
CVE-2018-25159
EUVD
EUVD-2018-21653
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
epross avcon6 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1334 An unauthorized agent can inject errors into a redundant block to deprive the system of redundancy or put the system in a degraded operating mode.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2018-25159 is a vulnerability in the Epross AVCON6 systems management platform that allows unauthenticated attackers to execute arbitrary system commands remotely. This is possible because the platform's login.action endpoint improperly handles user input in the redirect parameter, allowing attackers to inject malicious OGNL (Object-Graph Navigation Language) expressions."}, {'type': 'paragraph', 'content': 'By injecting these expressions, attackers can instantiate Java ProcessBuilder objects to run commands on the server with root privileges, effectively taking control of the system without needing to authenticate.'}, {'type': 'paragraph', 'content': 'An exploit exists that sends specially crafted HTTP requests containing these OGNL payloads, which execute commands and return their output to the attacker.'}] [1]

Impact Analysis

This vulnerability can have severe impacts because it allows remote attackers to execute arbitrary commands on the affected system with root privileges without any authentication.

  • Attackers can take full control of the server, potentially leading to data theft, data destruction, or disruption of services.
  • It can be used to install malware, create backdoors, or pivot to other systems within the network.
  • Since the exploit returns command output, attackers can gather sensitive information about the system.
Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by sending specially crafted HTTP requests to the vulnerable server's login.action endpoint with malicious OGNL payloads in the redirect parameter. These requests attempt to execute arbitrary system commands remotely."}, {'type': 'paragraph', 'content': 'A practical detection method is to use a script or command that sends such a crafted request and observes if arbitrary commands are executed and their output returned.'}, {'type': 'paragraph', 'content': "For example, a Python script (as described in Resource 1) can be used to send a request with an OGNL injection payload to the target URL and execute commands like 'id' or 'whoami' to verify if the system is vulnerable."}, {'type': 'list_item', 'content': 'Use the Python exploit script from Resource 1 with the target URL and a command to execute, e.g., `python exploit.py http://target/login.action?redirect= id`.'}, {'type': 'list_item', 'content': 'Manually craft an HTTP request to the login.action endpoint with an OGNL payload in the redirect parameter that attempts to execute a harmless command and check the response for command output.'}] [1]

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25159. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart