Critical severity9.8NVD Advisory· Published Apr 22, 2026· Updated Apr 29, 2026

CVE-2018-25272

Description

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands via the xp_cmdshell stored procedure or add backdoor users to the BEDIENER table.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.elba.atnvd
www.exploit-db.com/exploits/45905nvd
www.vulncheck.com/advisories/elba5-remote-code-execution-via-database-accessnvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000