Critical severityNVD Advisory· Published Jul 15, 2025· Updated Apr 15, 2026

CVE-2025-34105

Description

A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14. The vulnerability arises from improper bounds checking on the path component of HTTP GET requests. By sending a specially crafted long URI, a remote unauthenticated attacker can trigger a buffer overflow, potentially leading to arbitrary code execution with SYSTEM privileges on vulnerable Windows hosts.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/diskboss_get_bof.rbnvd
www.exploit-db.com/exploits/40869nvd
www.exploit-db.com/exploits/42395nvd
www.vulncheck.com/advisories/diskboss-enterprise-buffer-overflow-rcenvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.053
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000