High severity8.4NVD Advisory· Published Apr 12, 2026· Updated Apr 15, 2026

CVE-2018-25258

Description

RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based buffer overflow, execute a ROP chain for VirtualAlloc allocation, and achieve arbitrary code execution.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cran.r-project.org/bin/windows/base/old/3.5.0/R-3.5.0-win.exenvd
www.exploit-db.com/exploits/46107nvd
www.r-project.orgnvd
www.vulncheck.com/advisories/rgui-local-buffer-overflow-seh-dep-bypassnvd

News mentions

No linked articles in our index yet.

cvss	0.546
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000