RCE in Acl Analytics
CVE-2018-25320
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious Powe…
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.001 (31.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Acl Analytics — versions 11.x - 13.0.0.579, 11.0
Weakness classification (CWE)
References
- Official Product Homepage (product)
- Product Reference (product)
- ExploitDB-44281 (exploit)
- VulnCheck Advisory: ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution (third-party-advisory)
Frequently asked questions
- What is CVE-2018-25320?
- CVE-2018-25320 is a critical-severity vulnerability in Acl Analytics, classified under Code Injection. CVSS score: 9.8/10. Published 2026-05-17.
- How severe is CVE-2018-25320?
- Critical severity. CVSS v3 base score is 9.8 out of 10.