CVE-2025-34108
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-07-15
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| disk_pulse | enterprise | 9.0.34 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-34108 is a stack-based buffer overflow vulnerability in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the libspp.dll component. This overflow allows the attacker to execute arbitrary code with SYSTEM-level privileges on the affected system. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including allowing an attacker to execute arbitrary code remotely with SYSTEM privileges, which is the highest level of access on a Windows system. This can lead to full system compromise, unauthorized access to sensitive data, disruption of services (denial of service), and potential further exploitation or lateral movement within a network. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusually long HTTP POST requests to the /login endpoint of Disk Pulse Enterprise version 9.0.34, specifically those with overly long username parameters that may trigger the buffer overflow. A practical detection method is to capture and analyze HTTP traffic on port 80 for such suspicious requests. For example, using tcpdump or Wireshark to filter HTTP POST requests to /login and inspecting the username parameter length. A sample tcpdump command to capture relevant traffic could be: tcpdump -i <interface> 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) > 100)' -w capture.pcap, followed by analysis in Wireshark for POST requests to /login with long username fields. Additionally, using intrusion detection systems (IDS) with signatures for unusually long POST parameters targeting /login could help detect exploitation attempts. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Restricting network access to the Disk Pulse Enterprise login interface, ideally limiting it to trusted internal networks or VPNs to reduce exposure. 2) Applying any available patches or updates from the vendor that address this vulnerability. 3) If patches are not available, implementing web application firewall (WAF) rules to block HTTP POST requests to /login with abnormally long username parameters or suspicious payload patterns. 4) Monitoring logs and network traffic for signs of exploitation attempts, such as large POST requests or unusual activity on port 80. 5) Considering disabling or restricting the vulnerable login functionality if feasible until a patch is applied. [1, 2, 3]