Critical severity · NVD Advisory · Published Sep 16, 2025 · Updated Apr 15, 2026
CVE-2009-20005
Description
A stack-based buffer overflow exists in the UtilConfigHome.csp endpoint of InterSystems Caché 2009.1. The vulnerability is triggered by sending a specially crafted HTTP GET request containing an oversized argument to the .csp handler. Due to insufficient bounds checking, the input overflows a stack buffer, allowing an attacker to overwrite control structures and execute arbitrary code. It is unknown whether this vulnerability was patched, and the affected version range remains undefined.
Patches
No patches discovered yet.
References
- raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/intersystems_cache.rb (nvd)
- www.exploit-db.com/exploits/16807 (nvd)
- www.intersystems.com/products/cache/ (nvd)
- www.juniper.net/us/en/threatlabs/ips-signatures/detail.APP:INTERSYSTEMS-CACHE-OF.html (nvd)
- www.vulncheck.com/advisories/intersystems-cache-stack-buffer-overflow (nvd)