# CVE-2018-25272

> Vulnerability · severity: **CRITICAL** (CVSS 9.8).

## Description

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands via the xp_cmdshell stored procedure or add backdoor users to the BEDIENER table.

## Key facts

- **CVE ID:** CVE-2018-25272
- **Published:** 2026-04-22
- **CVSS severity:** CRITICAL
- **CVSS base score:** 9.8
- **CWE codes:** CWE-326

## Primary sources

- NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2018-25272

## Citation

> AI Analytics. CVE-2018-25272. Retrieved 2026-06-26 from https://api.ai-analytics.org/cve/CVE-2018-25272. Derived from NIST NVD. Licensed CC0.

---

*[Dataset catalog](https://api.ai-analytics.org/datasets/) · [AI Analytics](https://api.ai-analytics.org/) · CC0 1.0*