CVE-2018-25368
Deferred Deferred - Pending Action

Nord VPN 6.14.31 Denial of Service via Password Field

Vulnerability report for CVE-2018-25368, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-25

Last updated on: 2026-05-25

Assigner: VulnCheck

Description

Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers can paste a buffer of repeated characters into the password input field to trigger an application crash when attempting to authenticate.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-25
Last Modified
2026-05-25
Generated
2026-07-06
AI Q&A
2026-05-26
EPSS Evaluated
2026-07-04
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
nordvpn nord_vpn 6.14.31

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-789 The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in Nord VPN version 6.14.31 and is a denial of service issue. It allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Specifically, an attacker can paste a buffer of repeated characters into the password input field, which triggers the application to crash when it attempts to authenticate.

Impact Analysis

The impact of this vulnerability is a denial of service condition. An attacker can cause the Nord VPN application to crash by submitting a specially crafted long password string, potentially disrupting your ability to use the VPN service until the application is restarted or fixed.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25368. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart