What is CVE-2018-25294?

CVE-2018-25294 is a high-severity vulnerability in Cewe-photoworld Cewe Photoshow, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). CVSS score: 7.5/10. Published 2026-04-26.

How severe is CVE-2018-25294?

High severity. CVSS v3 base score is 7.5 out of 10.

Buffer overflow in Cewe-photoworld Cewe Photoshow

CVE-2018-25294

CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fie…

Vulnerability class: Buffer Overflow

EPSS: 0.001 (18.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Cewe-photoworld Cewe Photoshow — versions 6.3.4

Weakness classification (CWE)

CWE-120 — Buffer Copy without Checking Size of Input (Classic Buffer Overflow)

References

ExploitDB-45211 (exploit)
Official Product Homepage (product)
Product Reference (product)
VulnCheck Advisory: CEWE Photoshow 6.3.4 Buffer Overflow Denial of Service (third-party-advisory)

Frequently asked questions

What is CVE-2018-25294?: CVE-2018-25294 is a high-severity vulnerability in Cewe-photoworld Cewe Photoshow, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). CVSS score: 7.5/10. Published 2026-04-26.
How severe is CVE-2018-25294?: High severity. CVSS v3 base score is 7.5 out of 10.