Vulnerabilities ›

CVE-2018-25253

Medium

Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local att

CWE-787 — Weakness Type

                    Published: Apr 4, 2026                      ·  Modified: Apr 7, 2026                      ·  Source: NVD                

CVSS v3

6.2

🔗 NVD Official

📄 Description (English)

Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Attackers can paste a 2000-byte payload into the Settings User interface language field to crash the application.

🤖 AI Executive Summary

CVE-2018-25253 is a local buffer overflow vulnerability in Termite 3.4 affecting the User interface language settings field. An attacker with local access can crash the application by inputting an excessively long string (2000+ bytes), causing denial of service. While no public exploit exists and no patch is available, the vulnerability poses a risk to organizations using this terminal emulator in sensitive environments.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 22, 2026 00:24

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily affects Saudi government agencies, research institutions, and telecommunications companies (STC, Mobily) that utilize Termite as a terminal emulator for system administration and network management. The local-only attack vector limits exposure, but organizations with shared workstations or multi-user systems face elevated risk. Impact is primarily availability-focused (DoS), affecting operational continuity rather than data confidentiality or integrity.

🏢 Affected Saudi Sectors

Government Telecommunications Research & Education Energy Healthcare IT Infrastructure

🎯 MITRE ATT&CK Techniques

T1499 - Endpoint Denial of Service T1203 - Exploitation for Client Execution T1189 - Drive-by Compromise

⚖️ Saudi Risk Score (AI)

4.2

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Identify all systems running Termite 3.4 across your organization

2. Restrict local access to systems running Termite through access controls and user privilege management

3. Implement application whitelisting to prevent unauthorized execution



Compensating Controls (no patch available):

1. Disable or remove Termite 3.4 if alternative terminal emulators are available (PuTTY, SecureCRT, MobaXterm)

2. Upgrade to Termite 4.x or later versions if available

3. Implement input validation at the application wrapper level if possible

4. Monitor for application crashes and unexpected terminations

5. Restrict user permissions to prevent access to Settings/Language configuration



Detection:

1. Monitor system logs for Termite crashes or unexpected terminations

2. Implement file integrity monitoring on Termite installation directory

3. Track failed application launches and error codes

4. Use endpoint detection and response (EDR) tools to identify suspicious process behavior

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع الأنظمة التي تعمل بـ Termite 3.4 في المنظمة

2. تقييد الوصول المحلي للأنظمة من خلال عناصر التحكم في الوصول وإدارة امتيازات المستخدم

3. تطبيق قائمة بيضاء للتطبيقات لمنع التنفيذ غير المصرح به



عناصر التحكم البديلة (لا يوجد تصحيح متاح):

1. تعطيل أو إزالة Termite 3.4 إذا كانت محاكيات طرفية بديلة متاحة

2. الترقية إلى Termite 4.x أو إصدارات أحدث إن أمكن

3. تطبيق التحقق من صحة الإدخال على مستوى غلاف التطبيق

4. مراقبة أعطال التطبيق والإنهاءات غير المتوقعة

5. تقييد أذونات المستخدم لمنع الوصول إلى إعدادات اللغة



الكشف:

1. مراقبة سجلات النظام لأعطال Termite والإنهاءات غير المتوقعة

2. تطبيق مراقبة سلامة الملفات على دليل تثبيت Termite

3. تتبع عمليات الإطلاق الفاشلة ورموز الأخطاء

4. استخدام أدوات الكشف والاستجابة على نقطة النهاية (EDR)

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.5.1.1 - Information security policies and procedures A.5.2.1 - User access management A.5.3.1 - Segregation of duties A.8.1.1 - Asset inventory and management

🔵 SAMA CSF

ID.AM-1 - Asset Management PR.AC-1 - Access Control Policy PR.AC-4 - Access Rights Management DE.CM-1 - System Monitoring

🟡 ISO 27001:2022

A.5.1.1 - Information security policies A.6.1.1 - Information security roles and responsibilities A.8.1.1 - Asset inventory A.9.1.1 - Access control policy

🔗 References & Sources 4

🔗

https://www.compuphase.com

disclosure@vulncheck.com

🔗

https://www.compuphase.com/software_termite.htm

disclosure@vulncheck.com

🔗

https://www.exploit-db.com/exploits/45453

disclosure@vulncheck.com

🔗

https://www.vulncheck.com/advisories/termite-denial-of-service-via-settings-buffer-over...

disclosure@vulncheck.com

📊 CVSS Score

6.2

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityH — High

📋 Quick Facts

Severity Medium

CVSS Score6.2

CWECWE-787

EPSS0.02%

Exploit No

Patch ✗ No

Published 2026-04-04

Source Feed nvd

🇸🇦 Saudi Risk Score

4.2

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-787

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2018-25253

Introduce Yourself

Sign In Required