216.73.217.64

CVE-2025-34108

· Published 15/07/2025 13:15 · Modified 15/07/2025 20:07

Labels: CVE-2025-34108 2025-07-15CVE-2025-34108CWE-20[email protected]

Essential information

Published
15/07/2025 13:15
Modified
15/07/2025 20:07
Author
Creator
CVSS
8.6 HIGH (v3) 8.6 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the libspp.dll component. Successful exploitation allows arbitrary code execution with SYSTEM privileges.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
diskpulse / disk pulse enterprise cpe:2.3:a:diskpulse:disk_pulse_enterprise:9.0.34:*:*:*:*:*:*:*

References