CVE-2025-34096

A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2. The flaw is triggered when a crafted POST request is sent to the /sendemail.ghp endpoint containing an overly long Email parameter. The application fails to properly validate the length of this field, resulting in a memory corruption condition. An unauthenticated remote attacker can exploit this to execute arbitrary code with the privileges of the server process.

CVSS

No CVSS.

References

Link	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/easyfilesharing_post.rb
https://vulncheck/advisories/easy-file-sharing-http-server-buffer-overflow
https://www.exploit-db.com/exploits/42186

Configurations

No configuration.

History

15 Jul 2025, 13:14

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-10 20:15

Updated : 2025-07-15 13:14

NVD link : CVE-2025-34096

Mitre link : CVE-2025-34096

CVE.ORG link : CVE-2025-34096

JSON object : View

Products Affected

No product.

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2025-34096", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-10T20:15:25.110", "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/easyfilesharing_post.rb", "source": "disclosure@vulncheck.com"}, {"url": "https://vulncheck/advisories/easy-file-sharing-http-server-buffer-overflow", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/42186", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2. The flaw is triggered when a crafted POST request is sent to the /sendemail.ghp endpoint containing an overly long Email parameter. The application fails to properly validate the length of this field, resulting in a memory corruption condition. An unauthenticated remote attacker can exploit this to execute arbitrary code with the privileges of the server process."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la pila en Easy File Sharing HTTP Server versi\u00f3n 7.2. La falla se activa cuando se env\u00eda una solicitud POST manipulada al endpoint /sendemail.ghp que contiene un par\u00e1metro de correo electr\u00f3nico demasiado largo. La aplicaci\u00f3n no valida correctamente la longitud de este campo, lo que provoca una corrupci\u00f3n de memoria. Un atacante remoto no autenticado puede aprovechar esto para ejecutar c\u00f3digo arbitrario con los privilegios del proceso del servidor."}], "lastModified": "2025-07-15T13:14:49.980", "sourceIdentifier": "disclosure@vulncheck.com"}