CVE-2025-34127
Published 2025-07-16
Priority P2 · 66 · critical · 9.3 · CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.12% (62.2th percentile)
A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a specially crafted message to UDP port 9256, an attacker can overwrite the structured exception handler (SEH) because of insufficient bounds checking on user-supplied input, leading to remote code execution.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| achat_software | achat_chat_server | — | — |
Detection & IOCs (extracted from sources)
URL: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/achat_bof.rb
- Monitor for unexpected or malformed UDP traffic destined for port 9256, which is the default Achat listening port targeted by this exploit.
- The exploit is timing-dependent due to two threads simultaneously overflowing the stack; anomalous process crashes or SEH-related exceptions in the Achat process may indicate exploitation attempts.
- The overflow is Unicode-based (Unicode SEH buffer overflow); detection rules should account for Unicode-encoded shellcode patterns in UDP payloads to port 9256.
- The vulnerability is only exploitable in Achat's default configuration; non-default configurations may not expose port 9256/UDP and would not be affected.
- The Metasploit module was tested specifically against Achat v0.150 on Windows XP SP3 and Windows 7; reliability on other OS versions is unconfirmed.
No detection rules found.
No writeups or analysis indexed.