{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/nordvpn/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2018-25368"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Nord VPN 6.14.31"],"_cs_severities":["medium"],"_cs_tags":["dos","denial-of-service","cve-2018-25368"],"_cs_type":"advisory","_cs_vendors":["NordVPN"],"content_html":"\u003cp\u003eNordVPN version 6.14.31 is susceptible to a denial-of-service (DoS) vulnerability, identified as CVE-2018-25368. This flaw allows an unauthenticated attacker to crash the NordVPN application by providing an excessively long string in the password input field during the authentication process. Specifically, an attacker can paste a large buffer of repeated characters into the password field, leading to a crash upon attempting to authenticate. This vulnerability was reported and assigned CVE-2018-25368.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable NordVPN client version (6.14.31).\u003c/li\u003e\n\u003cli\u003eThe attacker opens the NordVPN application login screen.\u003c/li\u003e\n\u003cli\u003eThe attacker inputs a valid or arbitrary username.\u003c/li\u003e\n\u003cli\u003eThe attacker pastes an excessively long string (buffer of repeated characters) into the password field.\u003c/li\u003e\n\u003cli\u003eThe attacker attempts to authenticate with the long password.\u003c/li\u003e\n\u003cli\u003eThe NordVPN application attempts to allocate memory for the excessively long string.\u003c/li\u003e\n\u003cli\u003eDue to insufficient input validation, the application attempts to allocate an excessive amount of memory.\u003c/li\u003e\n\u003cli\u003eThe application crashes due to a memory allocation error, resulting in a denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2018-25368 results in a denial-of-service condition, causing the NordVPN application to crash. This can disrupt VPN service for individual users and potentially impact organizations relying on NordVPN for secure communication. The vulnerability allows unauthenticated attackers to repeatedly crash the application, preventing legitimate users from establishing a VPN connection. The CVSS v3.1 base score is 7.5, indicating a high impact on availability.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade NordVPN to a version beyond 6.14.31 to patch CVE-2018-25368, as recommended by NordVPN.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect NordVPN Long Password DoS Attempt\u003c/code\u003e to identify potential exploitation attempts based on process creation events related to the NordVPN client.\u003c/li\u003e\n\u003cli\u003eMonitor application logs for abnormal memory allocation errors that may indicate exploitation of CVE-2018-25368.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T14:14:39Z","date_published":"2026-05-26T14:14:39Z","id":"https://feed.craftedsignal.io/briefs/2026-05-nordvpn-dos/","summary":"NordVPN version 6.14.31 is vulnerable to a denial-of-service attack (CVE-2018-25368) where an unauthenticated attacker can crash the application by submitting an excessively long string in the password field.","title":"NordVPN Denial-of-Service Vulnerability (CVE-2018-25368)","url":"https://feed.craftedsignal.io/briefs/2026-05-nordvpn-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — NordVPN","version":"https://jsonfeed.org/version/1.1"}