CVE-2025-34096 | THREATINT

Description

A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2. The flaw is triggered when a crafted POST request is sent to the /sendemail.ghp endpoint containing an overly long Email parameter. The application fails to properly validate the length of this field, resulting in a memory corruption condition. An unauthenticated remote attacker can exploit this to execute arbitrary code with the privileges of the server process.

PUBLISHED Reserved 2025-04-15 | Published 2025-07-10 | Updated 2026-04-07 | Assigner VulnCheck

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Product status

Default status

unknown

7.2

affected

Credits

bl4ck h4ck3r finder

References

raw.githubusercontent.com/...ws/http/easyfilesharing_post.rb exploit

www.exploit-db.com/exploits/42186 exploit

vulncheck/...s/easy-file-sharing-http-server-buffer-overflow third-party-advisory

cve.org (CVE-2025-34096)

nvd.nist.gov (CVE-2025-34096)

Download JSON