CVE-2025-34105
Published 2025-07-15
Priority: P2 (69) · critical · 10 · CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.00% (58.4th percentile)
A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14. The vulnerability arises from improper bounds checking on the path component of HTTP GET requests. By sending a specially crafted long URI, a remote unauthenticated attacker can trigger a buffer overflow, potentially leading to arbitrary code execution with SYSTEM privileges on vulnerable Windows hosts.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| flexense | diskboss_enterprise | — | — |
| flexense | diskboss_enterprise | — | — |
| flexense | diskboss_enterprise | — | — |
Detection & IOCs
URL: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/diskboss_get_bof.rb
- Detect oversized HTTP GET request URIs targeting the DiskBoss Enterprise built-in web server; a specially crafted long URI in the path component is the attack vector for triggering the stack-based buffer overflow.
- Monitor for exploitation attempts originating from unauthenticated remote sources against the DiskBoss Enterprise HTTP service; no authentication is required to trigger the vulnerability.
- Alert on anomalous child processes or SYSTEM-level process spawning from the DiskBoss Enterprise web server process on Windows hosts, which may indicate successful exploitation leading to arbitrary code execution.
- A public Metasploit module (exploits/windows/http/diskboss_get_bof) exists for this vulnerability; correlate IDS/IPS signatures against known Metasploit HTTP GET exploit patterns targeting the DiskBoss Enterprise web interface.
- Exploitation has been confirmed only on Windows XP SP3 and Windows 7 SP1; reliability on other Windows versions is unverified.
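The first two detection points above can be checked offline against HTTP access logs. The following is an added example, not code from this page or from the Metasploit module: it assumes Common Log Format lines written by a reverse proxy or network sensor in front of the DiskBoss web interface, and the 1024-byte threshold and the name `oversized_get_requests` are hypothetical, since the page gives no length figure.

```python
import re

# Assumption: the advisory gives no length figure. 1024 is a hypothetical cut-off;
# tune it to the longest legitimate path your DiskBoss web interface serves.
MAX_PATH_LEN = 1024

# Common Log Format, as a reverse proxy or network sensor would write it (assumed source).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)

def oversized_get_requests(lines, max_path_len=MAX_PATH_LEN):
    """Return one finding per GET request whose URI path exceeds max_path_len."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        # Measure the path component only; the query string is excluded.
        path = m["target"].partition("?")[0]
        if len(path) > max_path_len:
            findings.append({
                "line": lineno, "src": m["src"], "time": m["ts"],
                "authenticated": m["user"] != "-",
                "path_len": len(path), "status": int(m["status"]),
            })
    return findings

# Constructed sample log lines (documentation IP ranges, filler paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Jul/2025:10:00:01 +0000] "GET /login HTTP/1.1" 200 512',
    '192.0.2.10 - - [15/Jul/2025:10:00:05 +0000] "GET /search?q=' + "x" * 2000 + ' HTTP/1.1" 200 90',
    '192.0.2.11 - admin [15/Jul/2025:10:01:00 +0000] "POST /' + "x" * 2000 + ' HTTP/1.1" 404 0',
    '203.0.113.7 - - [15/Jul/2025:10:02:13 +0000] "GET /' + "x" * 2000 + ' HTTP/1.1" 502 0',
]

if __name__ == "__main__":
    for f in oversized_get_requests(SAMPLE_LOG):
        print(f)
```

Only the last sample line is reported: the long query string and the long POST path fall outside the GET path condition the advisory describes.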
No detection rules found.
No writeups or analysis indexed.