CVE-2018-25193
Received Received - Intake
Denial of Service in Mongoose Web Server via Malformed Connections

Publication date: 2026-03-06

Last updated on: 2026-03-06

Assigner: VulnCheck

Description
Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service unavailability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-06
Last Modified
2026-03-06
Generated
2026-06-16
AI Q&A
2026-03-06
EPSS Evaluated
2026-06-15
NVD
CVE-2018-25193
EUVD
EUVD-2018-21646
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cesanta mongoose_web_server to 6.9 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1188 The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2018-25193 is a denial of service vulnerability in Mongoose Web Server version 6.9 and earlier. It allows remote attackers to crash the server by repeatedly establishing multiple socket connections to the default port and sending malformed data.'}, {'type': 'paragraph', 'content': "This behavior exhausts the server's resources, causing the service to become unavailable."}, {'type': 'paragraph', 'content': 'The vulnerability requires no privileges, user interaction, or authentication, and can be exploited remotely over the network.'}] [1]

Impact Analysis

The vulnerability can cause a denial of service condition by exhausting server resources.

This results in the Mongoose Web Server crashing and becoming unavailable, which can disrupt services relying on it.

Since the attack can be performed remotely without authentication, it poses a significant risk to availability.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for an unusually high number of socket connections to the Mongoose Web Server\'s default port (usually port 8080). Repeated connection attempts sending malformed data such as the payload "BOOM" can indicate an ongoing attack.'}, {'type': 'paragraph', 'content': "A practical detection method is to use network monitoring tools or commands to observe multiple simultaneous connections to the server's port 8080."}, {'type': 'list_item', 'content': "Use netstat to check for many connections on port 8080: netstat -an | grep ':8080' | grep ESTABLISHED"}, {'type': 'list_item', 'content': 'Use tcpdump or Wireshark to capture and analyze traffic on port 8080 for repeated malformed payloads.'}, {'type': 'list_item', 'content': 'On Linux, use: sudo lsof -i :8080 to list open connections to the port.'}] [2]

Mitigation Strategies

[{'type': 'paragraph', 'content': "Immediate mitigation steps include limiting the number of simultaneous connections to the Mongoose Web Server's default port to prevent resource exhaustion."}, {'type': 'paragraph', 'content': 'Implement firewall rules or rate limiting to block or throttle repeated connection attempts from the same IP address.'}, {'type': 'paragraph', 'content': 'If possible, update the Mongoose Web Server to a version later than 6.9 where this vulnerability is fixed.'}, {'type': 'paragraph', 'content': 'Monitor server logs and network traffic for signs of attack and respond by blocking offending IPs.'}] [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25193. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart