CVE-2018-25041

A vulnerability was found in uTorrent. It has been rated as critical. Affected by this issue is some unknown functionality of the component JSON RPC Server. The manipulation leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
Configurations

Configuration 1 (hide)

cpe:2.3:a:utorrent:web:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:03

Type Values Removed Values Added
CVSS v2 : 6.8
v3 : 8.8
v2 : 6.8
v3 : 6.3
References () http://lock.cmpxchg8b.com/Moer0kae.html - Broken Link () http://lock.cmpxchg8b.com/Moer0kae.html - Broken Link
References () https://bugs.chromium.org/p/project-zero/issues/detail?id=1524 - Mailing List, Third Party Advisory () https://bugs.chromium.org/p/project-zero/issues/detail?id=1524 - Mailing List, Third Party Advisory
References () https://vuldb.com/?id.113804 - Exploit, Third Party Advisory () https://vuldb.com/?id.113804 - Exploit, Third Party Advisory
References () https://www.scmagazineuk.com/utorrent-apps-vulnerable-to-remote-code-execution-information-disclosure/article/746248/ - Not Applicable () https://www.scmagazineuk.com/utorrent-apps-vulnerable-to-remote-code-execution-information-disclosure/article/746248/ - Not Applicable

27 Jun 2022, 19:01

Type Values Removed Values Added
References (MISC) https://www.scmagazineuk.com/utorrent-apps-vulnerable-to-remote-code-execution-information-disclosure/article/746248/ - (MISC) https://www.scmagazineuk.com/utorrent-apps-vulnerable-to-remote-code-execution-information-disclosure/article/746248/ - Not Applicable
References (MISC) https://bugs.chromium.org/p/project-zero/issues/detail?id=1524 - (MISC) https://bugs.chromium.org/p/project-zero/issues/detail?id=1524 - Mailing List, Third Party Advisory
References (MISC) http://lock.cmpxchg8b.com/Moer0kae.html - (MISC) http://lock.cmpxchg8b.com/Moer0kae.html - Broken Link
References (MISC) https://vuldb.com/?id.113804 - (MISC) https://vuldb.com/?id.113804 - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 6.8
v3 : 8.8
CPE cpe:2.3:a:utorrent:web:-:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo

17 Jun 2022, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-06-17 13:15

Updated : 2024-11-21 04:03


NVD link : CVE-2018-25041

Mitre link : CVE-2018-25041

CVE.ORG link : CVE-2018-25041


JSON object : View

Products Affected

utorrent

  • web
CWE
CWE-269

Improper Privilege Management

NVD-CWE-noinfo