cbcvebase.
CVE-2025-34127
published 2025-07-16

CVE-2025-34127: A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a specially crafted message to the UDP port 9256, an attacker can…

PriorityP266critical9.3CVSS 4.0
AVNACLATNPRNUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
1.12%
62.2th percentile
A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a specially crafted message to the UDP port 9256, an attacker can overwrite the structured exception handler (SEH) due to insufficient bounds checking on user-supplied input leading to remote code execution.

Affected

1 ranges
VendorProductVersion rangeFixed in
achat_softwareachat_chat_server

Detection & IOCsextracted from sources · hover to see the quote

port9256/UDP
urlhttps://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/achat_bof.rb
  • Monitor for unexpected or malformed UDP traffic destined for port 9256, which is the default Achat listening port targeted by this exploit.
  • The exploit is timing-dependent due to two threads simultaneously overflowing the stack; anomalous process crashes or SEH-related exceptions in the Achat process may indicate exploitation attempts.
  • The overflow is Unicode-based (Unicode SEH buffer overflow); detection rules should account for Unicode-encoded shellcode patterns in UDP payloads to port 9256.
  • ·The vulnerability is only exploitable in Achat's DEFAULT configuration; non-default configurations may not expose port 9256/UDP and would not be affected.
  • ·The Metasploit module was tested specifically against Achat v0.150 on Windows XP SP3 and Windows 7; reliability on other OS versions is unconfirmed.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.