
Description


A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. This affects the function base64_decode of the component fcgi_server. The manipulation of the argument Authorization leads to a buffer overflow. It is possible to initiate the attack remotely.


PUBLISHED Reserved 2025-08-08 | Published 2025-08-13 | Updated 2025-08-13 | Assigner VulDB




CRITICAL: 9.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X
CRITICAL: 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:W/RC:R
CRITICAL: 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:W/RC:R
10.0 | AV:N/AC:L/Au:N/C:C/I:C/A:C/E:ND/RL:W/RC:UR

Problem types

Buffer Overflow

Memory Corruption

Product status

3.11.1 Build 1124
affected

3.11.1 Build 1124
affected

Timeline

2025-08-13: Advisory disclosed
2025-08-13: VulDB entry created
2025-08-13: VulDB entry last update

Credits

Michael Imfeld (modzero AG) finder

References

vuldb.com/?id.319863 (VDB-319863 | INSTAR 2K+/4K fcgi_server base64_decode buffer overflow) vdb-entry technical-description

vuldb.com/?ctiid.319863 (VDB-319863 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

modzero.com/static/MZ-25-03_modzero_INSTAR.pdf related

cve.org (CVE-2025-8760)

nvd.nist.gov (CVE-2025-8760)
