cbcvebase.
CVE-2025-34108
published 2025-07-15

CVE-2025-34108: A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted…

PriorityP261high8.6CVSS 4.0
AVNACLATNPRNUIAVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
0.86%
54.0th percentile
A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the libspp.dll component. Successful exploitation allows arbitrary code execution with SYSTEM privileges.

Affected

1 ranges
VendorProductVersion rangeFixed in
falconstor_softwaredisk_pulse_enterprise

Detection & IOCsextracted from sources · hover to see the quote

url/login
pathlibspp.dll
versionDisk Pulse Enterprise 9.0.34
  • Monitor for abnormally long username parameter values in HTTP POST requests to the /login endpoint of Disk Pulse Enterprise, indicative of a stack-based buffer overflow attempt.
  • Look for Egghunter shellcode patterns in HTTP POST body payloads targeting the Disk Pulse Enterprise login endpoint, as the exploit uses this technique due to size constraints.
  • Alert on processes spawned under NT AUTHORITY\SYSTEM originating from the Disk Pulse Enterprise service process, which may indicate successful exploitation.
  • ·Exploitation is limited to Disk Pulse Enterprise version 9.0.34 specifically; other versions may not be affected by this exact vulnerability.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.