High severityNVD Advisory· Published Jul 15, 2025· Updated Apr 15, 2026

CVE-2025-34108

Description

A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the libspp.dll component. Successful exploitation allows arbitrary code execution with SYSTEM privileges.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

advisories.checkpoint.com/defense/advisories/public/2017/cpai-2017-0006.html/nvd
raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/disk_pulse_enterprise_bof.rbnvd
vulners.com/metasploit/MSF:EXPLOIT-WINDOWS-HTTP-DISK_PULSE_ENTERPRISE_BOF-nvd
www.exploit-db.com/exploits/40452nvd
www.vulncheck.com/advisories/disk-pulse-enterprise-login-stack-buffer-overflownvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.056
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000