CVE-2018-25137

CVE Database · CVE-2018-25137

CVE-2018-25137

· HIGHDeferred

CVSS v3.1

7.5

CVSS v4.0

8.7

EPSS

0.43%

Published

Dec 24, 2025

Modified

Apr 14, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability in the ExportConfig REST API that allows attackers to download sensitive configuration files. Attackers can exploit the getConfigExportFile.cgi endpoint to retrieve system configurations, potentially enabling authentication bypass and privilege escalation.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-306

References (4)

http://www.brickstream.com

https://www.exploit-db.com/exploits/45599

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5495.php

KEV Catalog EPSS Scores Vendors All CVEs