Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-34105

A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14. The vulnerability arises from improper bounds checking on the path component of HTTP GET requests. By sending a specially crafted long URI, a remote unauthenticated attacker can trigger a buffer overflow, potentially leading to arbitrary code execution with SYSTEM privileges on vulnerable Windows hosts.

Published

2025-07-15T13:15:30.107

Last Modified

2025-07-15T20:07:28.023

Status

Awaiting Analysis

Source

[email protected]

Severity

Weaknesses

Type: Secondary
CWE-20
CWE-787

Affected Vendors & Products

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/diskboss_get_bof.rb ([email protected])
https://www.exploit-db.com/exploits/40869 ([email protected])
https://www.exploit-db.com/exploits/42395 ([email protected])
https://www.vulncheck.com/advisories/diskboss-enterprise-buffer-overflow-rce ([email protected])