Vulnerabilities ›

CVE-2018-25246

High

CWE-306 — Weakness Type

                    Published: Apr 4, 2026                      ·  Modified: Apr 11, 2026                      ·  Source: NVD                

CVSS v3

7.5

🔗 NVD Official

📄 Description (English)

Wikipedia 12.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting oversized input through the search functionality. Attackers can paste a large buffer of repeated characters into the search bar to trigger an application crash.

🤖 AI Executive Summary

CVE-2018-25246 is a denial of service vulnerability in Wikipedia 12.0 that allows unauthenticated attackers to crash the application by submitting oversized input through the search functionality. The vulnerability requires no authentication and can be exploited by simply pasting large buffers of repeated characters into the search bar. With a CVSS score of 7.5 and no available patch, this poses a moderate availability risk to organizations relying on Wikipedia for critical information access.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 30, 2026 01:18

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily impacts Saudi government agencies, educational institutions, and research organizations that rely on Wikipedia for information access and reference. The Saudi National Center for Cybersecurity (NCA) and academic institutions under the Ministry of Education are most at risk. The denial of service impact is moderate since Wikipedia is typically used for reference rather than critical operations, but could disrupt research activities and information gathering in government and educational sectors.

🏢 Affected Saudi Sectors

Government Education Research Institutions Healthcare Public Information Services

🎯 MITRE ATT&CK Techniques

T1499 - Endpoint Denial of Service T1499.004 - Application Exhaustion Flood T1190 - Exploit Public-Facing Application

⚖️ Saudi Risk Score (AI)

5.2

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Monitor Wikipedia search functionality for unusual input patterns and oversized requests

2. Implement input validation and size limits on search queries at the network perimeter

3. Deploy rate limiting on search endpoints to prevent abuse

4. Configure Web Application Firewall (WAF) rules to block requests with excessively large payloads (>10MB)



Compensating Controls:

5. Implement request timeout mechanisms to prevent application hangs

6. Deploy load balancing to distribute search traffic and improve resilience

7. Maintain alternative information sources and offline documentation

8. Enable detailed logging of search requests for anomaly detection



Detection Rules:

9. Alert on search requests exceeding 1MB in size

10. Monitor for repeated identical character patterns in search queries

11. Track application response times and crash events

12. Implement IDS/IPS signatures for oversized HTTP POST requests

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. مراقبة وظيفة البحث في ويكيبيديا للكشف عن أنماط المدخلات غير العادية والطلبات الكبيرة الحجم

2. تطبيق التحقق من صحة المدخلات وحدود الحجم على استعلامات البحث على محيط الشبكة

3. نشر تحديد معدل على نقاط نهاية البحث لمنع الإساءة

4. تكوين قواعد جدار حماية تطبيقات الويب (WAF) لحجب الطلبات ذات الحمولات الكبيرة جداً (>10MB)



الضوابط البديلة:

5. تطبيق آليات انتهاء المهلة الزمنية للطلب لمنع تعليق التطبيق

6. نشر موازنة التحميل لتوزيع حركة البحث وتحسين المرونة

7. الحفاظ على مصادر معلومات بديلة وتوثيق دون اتصال

8. تفعيل تسجيل مفصل لطلبات البحث للكشف عن الشذوذ



قواعد الكشف:

9. تنبيه على طلبات البحث التي تتجاوز 1MB في الحجم

10. مراقبة أنماط الأحرف المتطابقة المكررة في استعلامات البحث

11. تتبع أوقات استجابة التطبيق وأحداث الأعطال

12. تطبيق توقيعات IDS/IPS لطلبات HTTP POST الكبيرة الحجم

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.12.6.1 - Management of technical vulnerabilities ECC 2024 A.12.2.1 - Change management procedures ECC 2024 A.13.1.3 - Segregation of networks

🔵 SAMA CSF

SAMA CSF ID.BE-5 - Organizational resilience SAMA CSF PR.DS-6 - Integrity checking mechanisms SAMA CSF DE.CM-1 - Network monitoring

🟡 ISO 27001:2022

ISO 27001:2022 A.12.2.1 - Change management ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities ISO 27001:2022 A.13.1.3 - Segregation of networks

🔗 References & Sources 2

🔗

https://www.exploit-db.com/exploits/45324

disclosure@vulncheck.com

🔗

https://www.microsoft.com/en-us/p/wikipedia/9wzdncrfhwm4?activetab=pivot%3aoverviewtab

disclosure@vulncheck.com

📊 CVSS Score

7.5

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.5

CWECWE-306

EPSS0.04%

Exploit No

Patch ✗ No

Published 2026-04-04

Source Feed nvd

🇸🇦 Saudi Risk Score

5.2

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-306

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2018-25246

💬 Comments

Introduce Yourself

Sign In Required