CVE-2018-25320 PUBLISHED

ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution

Assigner: VulnCheck
Reserved: 17.05.2026 Published: 17.05.2026 Updated: 17.05.2026

ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to establish reverse shells and gain complete system control.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 9.3

Product Status

Vendor: acl
Product: ACL Analytics
Versions:
  • Version 11.x - 13.0.0.579 is affected

Credits

  • Clutchisback1 (finder)

Problem Types

  • Improper Control of Generation of Code ('Code Injection') CWE