CVE-2025-34105
DiskBoss Enterprise Stack-Based Buffer Overflow RCE
CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th
A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14. The vulnerability arises from improper bounds checking on the path component of HTTP GET requests. By sending a specially crafted long URI, a remote unauthenticated attacker can trigger a buffer overflow, potentially leading to arbitrary code execution with SYSTEM privileges on vulnerable Windows hosts.
| CWE | CWE-20 CWE-787 |
| Vendor | flexense |
| Product | diskboss enterprise |
| Published | Jul 15, 2025 |
| Last Updated | Apr 7, 2026 |
Affected Versions
Flexense / DiskBoss Enterprise
7.4.28, 7.5.12, 8.2.14
References
exploit-db.com: https://www.exploit-db.com/exploits/40869
exploit-db.com: https://www.exploit-db.com/exploits/42395
raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/diskboss_get_bof.rb
vulncheck.com: https://www.vulncheck.com/advisories/diskboss-enterprise-buffer-overflow-rce
Credits
vportal, Ahmad Mahfouz