cbcvebase.
CVE-2025-34105
published 2025-07-15

CVE-2025-34105: A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14. The vulnerability…

PriorityP269critical10CVSS 4.0
AVNACLATNPRNUINVCHVIHVAHSCHSIHSAHEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
1.00%
58.4th percentile
A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14. The vulnerability arises from improper bounds checking on the path component of HTTP GET requests. By sending a specially crafted long URI, a remote unauthenticated attacker can trigger a buffer overflow, potentially leading to arbitrary code execution with SYSTEM privileges on vulnerable Windows hosts.

Affected

3 ranges
VendorProductVersion rangeFixed in
flexensediskboss_enterprise
flexensediskboss_enterprise
flexensediskboss_enterprise

Detection & IOCsextracted from sources · hover to see the quote

versionDiskBoss Enterprise 7.4.28
versionDiskBoss Enterprise 7.5.12
urlhttps://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/diskboss_get_bof.rb
  • Detect oversized HTTP GET request URIs targeting the DiskBoss Enterprise built-in web server; a specially crafted long URI in the path component is the attack vector for triggering the stack-based buffer overflow.
  • Monitor for exploitation attempts originating from unauthenticated remote sources against the DiskBoss Enterprise HTTP service; no authentication is required to trigger the vulnerability.
  • Alert on anomalous child processes or SYSTEM-level process spawning from the DiskBoss Enterprise web server process on Windows hosts, which may indicate successful exploitation leading to arbitrary code execution.
  • A public Metasploit module (exploits/windows/http/diskboss_get_bof) exists for this vulnerability; correlate IDS/IPS signatures against known Metasploit HTTP GET exploit patterns targeting DiskBoss Enterprise web interface.
  • ·Exploitation has been confirmed only on Windows XP SP3 and Windows 7 SP1; reliability on other Windows versions is unverified.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.