Home / Vulnerability Intelligence / CVE-2018-25258

CVE-2018-25258 - Vulnerability Analysis

HighCVSS: 8.4

Last Updated: April 12, 2026

RGui - Buffer Overflow

Published: April 12, 2026Updated: April 12, 2026

Overview

RGui 3.5.0 contains a buffer overflow caused by improper handling of input in the GUI preferences dialog's Language for menus and messages field, letting local attackers bypass DEP and execute arbitrary code via structured exception handling.

Severity & Score

Severity: High

CVSS Score: 8.4

Impact

Local attackers can execute arbitrary code by exploiting a stack-based buffer overflow, bypassing DEP protections.

Mitigation

Update to the latest version containing the fix.

References

https://cran.r-project.org/bin/windows/base/old/3.5.0/R-3.5.0-win.exe
https://www.exploit-db.com/exploits/46107
https://www.r-project.org/
https://www.vulncheck.com/advisories/rgui-local-buffer-overflow-seh-dep-bypass

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2018-25258
Severity: High
CVSS Score: 8.4
Type: buffer_overflow
Status: new

CWE

CWE-434

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H