CRITICAL🇵🇱 Wersja polska

CVE-2025-34105

CVSS 10.0v4.0pub. 2025-07-15upd. 2026-04-15

A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14. The vulnerability arises from improper bounds checking on the path component of HTTP GET requests. By sending a specially crafted long URI, a remote unauthenticated attacker can trigger a buffer overflow, potentially leading to arbitrary code execution with SYSTEM privileges on vulnerable Windows hosts.

🤖 AI Analysis
How it works

The vulnerability results from improper bounds checking in the HTTP GET request path component directed to the application's built-in web server. Sending a specially crafted, excessively long URI causes a stack-based buffer overflow. This allows an attacker to overwrite control data on the stack and seize program execution control without requiring authentication.

Impact

An attacker can achieve arbitrary code execution (RCE) with SYSTEM account privileges on a vulnerable Windows host, gaining full control over the operating system.

Mitigation & patch

Apply patches available from the vendor according to references. As an interim measure, it is recommended to block access to the DiskBoss Enterprise built-in web interface from external networks and untrusted internal network segments, for example using a firewall or ACL rules.

Who is affected

DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14 running on Windows systems.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEAuth BypassMemory
CWE
References