Security readout for executives and security teams
Plain-English summary
CVE-2018-25231 is a local denial-of-service issue in HeidiSQL 9.5.0.5196. A person with access to the application can enter an excessively long SQL log file path in preferences and crash HeidiSQL. This affects application availability, not data confidentiality or integrity based on the provided sources.
Executive priority
Treat as a moderate workstation resilience issue. It is not evidenced as remotely exploitable or actively exploited, but public exploit information exists. Prioritize affected systems used by database administrators or other roles where a client crash could interrupt operations.
Technical view
The reported flaw affects HeidiSQL 9.5.0.5196 and is triggered through the logging preferences file path field. The CVSS 4.0 vector is local, low complexity, no privileges, no user interaction, with high vulnerable-system availability impact. The bundle labels CWE-98, but the described behavior is a crash from an oversized path input.
Likely exposure
Exposure is most relevant on endpoints or admin workstations running HeidiSQL 9.5.0.5196. Because attack vector is local, risk depends on who can access the application session or workstation. Servers are not directly exposed unless HeidiSQL is installed and accessible there.
Exploitation context
An Exploit-DB reference exists, so public exploit information is available. The source bundle does not show CISA KEV listing or confirmed active exploitation. The issue appears limited to crashing the local HeidiSQL client rather than remote compromise.
Researcher notes
Evidence is limited to the provided CVE data, VulnCheck advisory reference, HeidiSQL product pages, and Exploit-DB listing. No fix version, vendor advisory details, or active exploitation claim is included in the bundle. The CWE mapping may not cleanly match the described buffer-overflow-style denial of service.
Mitigation direction
- Inventory HeidiSQL installations and identify version 9.5.0.5196.
- Review HeidiSQL official download and vendor guidance for current supported releases.
- Prioritize replacement or upgrade of affected legacy installations where operationally feasible.
- Restrict local workstation access to trusted users only.
- Avoid relying on HeidiSQL 9.5.0.5196 for critical administrative availability.
Validation and detection
- Confirm whether HeidiSQL 9.5.0.5196 is installed on managed endpoints.
- Check software inventory, endpoint telemetry, or package records for HeidiSQL versions.
- Review whether the affected application is used for critical database administration.
- Do not reproduce the crash on production administrator workstations.
- Track vendor or advisory updates for clarified fixed-version information.
Public sources used
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CWE-98: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Open ATT&CK lookupCVE-2018-25231 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Medium
- CVSS
- 6.9 (4.0)
- Known Exploited
- No
- Published
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS vector scores
1 official scoreWe collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N——Primary CVE scoreVulnerability scoring details
Base CVSS 4.0 score
6.9MediumVector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Source materials
- CVE List V5 sourceCVE List V5
- ExploitDB-45806CVE reference · exploit
- Official Product HomepageCVE reference · product
- Product ReferenceCVE reference · product
- VulnCheck Advisory: HeidiSQL 9.5.0.5196 Denial of Service via PreferencesCVE reference · third-party-advisory
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
