CVE-2025-34096
Published 2025-07-10
Priority: P267 | critical | 9.3 (CVSS 4.0)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.08% (60.8th percentile)
A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2. The flaw is triggered when a crafted POST request is sent to the /sendemail.ghp endpoint containing an overly long Email parameter. The application fails to properly validate the length of this field, resulting in a memory corruption condition. An unauthenticated remote attacker can exploit this to execute arbitrary code with the privileges of the server process.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| efs_software_inc | easy_file_sharing_http_server | — | — |
Detection & IOCs (extracted from sources)
- Detect an oversized POST body targeting the /sendemail.ghp endpoint: an unauthenticated attacker sends a crafted POST with an abnormally long Email parameter to trigger the stack-based buffer overflow.
- Monitor for unauthenticated POST requests to /sendemail.ghp on Easy File Sharing HTTP Server 7.2 instances, particularly those with unusually large Email field values indicative of buffer overflow attempts.
- A Metasploit module exists for this vulnerability, targeting Easy File Sharing HTTP Server 7.2 via POST buffer overflow. Use of this module may be detected via known Metasploit payload signatures in network traffic.
- The Metasploit module targets the Windows platform specifically; exploitation results in code execution with server process privileges on Windows hosts running Easy File Sharing HTTP Server 7.2.
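
The two monitoring items above, written as a check over raw HTTP requests. This is an added example, not a rule from this page or from any vendor: the 254-byte threshold, the case-insensitive matching and the function names are assumptions, and the sample requests are constructed.

```python
from typing import Optional
from urllib.parse import unquote_to_bytes

TARGET_PATH = "/sendemail.ghp"  # endpoint named in the advisory
MAX_EMAIL_LEN = 254             # assumed threshold, not from the advisory; tune per site

def email_lengths(data: bytes):
    """Yield the decoded byte length of every Email field in urlencoded data."""
    for pair in data.split(b"&"):
        name, _, value = pair.partition(b"=")
        # Assumption: match the field name case-insensitively to stay conservative.
        if unquote_to_bytes(name.replace(b"+", b" ")).lower() == b"email":
            yield len(unquote_to_bytes(value.replace(b"+", b" ")))

def inspect_request(raw: bytes) -> Optional[dict]:
    """Return a finding for an oversized Email in a POST to TARGET_PATH, else None."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) != 3 or parts[0].upper() != "POST":
        return None
    target, _, query = parts[1].partition("?")
    # Decode percent-escapes and fold case so trivially disguised paths still match.
    path = unquote_to_bytes(target).decode("latin-1").lower()
    if path != TARGET_PATH:
        return None
    # Measure decoded bytes, since that is what the server ends up copying.
    longest = max(email_lengths(body + b"&" + query.encode("latin-1")), default=0)
    if longest <= MAX_EMAIL_LEN:
        return None
    return {"path": path, "email_len": longest, "body_len": len(body)}

def build_request(method: str, path: str, email: str) -> bytes:
    """Constructed sample traffic for exercising the check (not captured data)."""
    body = ("Email=" + email).encode("latin-1")
    head = (f"{method} {path} HTTP/1.1\r\nHost: files.example\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode("latin-1") + body

if __name__ == "__main__":
    samples = {
        "normal form post": build_request("POST", "/sendemail.ghp", "alice%40example.com"),
        "oversized Email": build_request("POST", "/sendemail.ghp", "A" * 4000),
        "other endpoint": build_request("POST", "/login.ghp", "A" * 4000),
    }
    for label, raw in samples.items():
        print(f"{label}: {inspect_request(raw)}")
```

The same length test can run in a reverse proxy or WAF in front of the server, where an oversized request can be rejected before it reaches the vulnerable handler.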
No detection rules found.
No writeups or analysis indexed.