CVE-2025-34108
Disk Pulse Enterprise 9.0.34 Login Stack Buffer Overflow
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the libspp.dll component. Successful exploitation allows arbitrary code execution with SYSTEM privileges.
| CWE | CWE-121 CWE-20 |
| Vendor | falconstor software |
| Product | disk pulse enterprise |
| Published | Jul 15, 2025 |
| Last Updated | Apr 7, 2026 |
Affected Versions
Falconstor Software / Disk Pulse Enterprise
9.0.34
References
raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/disk_pulse_enterprise_bof.rb
exploit-db.com: https://www.exploit-db.com/exploits/40452
vulners.com: https://vulners.com/metasploit/MSF:EXPLOIT-WINDOWS-HTTP-DISK_PULSE_ENTERPRISE_BOF-
advisories.checkpoint.com: https://advisories.checkpoint.com/defense/advisories/public/2017/cpai-2017-0006.html/
vulncheck.com: https://www.vulncheck.com/advisories/disk-pulse-enterprise-login-stack-buffer-overflow
Credits
Tulpa Security