Critical severityNVD Advisory· Published Jul 10, 2025· Updated Apr 15, 2026

CVE-2025-34096

Description

A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2. The flaw is triggered when a crafted POST request is sent to the /sendemail.ghp endpoint containing an overly long Email parameter. The application fails to properly validate the length of this field, resulting in a memory corruption condition. An unauthenticated remote attacker can exploit this to execute arbitrary code with the privileges of the server process.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/easyfilesharing_post.rbnvd
vulncheck/advisories/easy-file-sharing-http-server-buffer-overflownvd
www.exploit-db.com/exploits/42186nvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.053
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000