CVE-2025-34108

High CVSS 8.6

Overview

A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the libspp.dll component. Successful exploitation allows arbitrary code execution with SYSTEM privileges.

CWE: CWE-20 Published: 2025-07-15T13:15:30.527

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.6 (HIGH)
Detected tags: buffer, rce (tag impact: VERY HIGH)

Recommended actions:

Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.

Overview

Recommended tools

Tags