CVE-2025-34105

CRITICAL

DiskBoss Enterprise <8.2.14 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2025-34105. PoCs were published by Ahmad Mahfouz, vportal, Gabor Seljan, and Jacob Robles, including the Metasploit module exploits/windows/http/diskboss_get_bof.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in DiskBoss Enterprise v8.2.14 via a crafted HTTP GET request. It includes a reverse shell payload generated by msfvenom and leverages SEH overwrites for execution.

Description

A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14. The vulnerability arises from improper bounds checking on the path component of HTTP GET requests. By sending a specially crafted long URI, a remote unauthenticated attacker can trigger a buffer overflow, potentially leading to arbitrary code execution with SYSTEM privileges on vulnerable Windows hosts.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Ahmad Mahfouz · python · remote · windows
https://www.exploit-db.com/exploits/42395

This exploit targets a buffer overflow vulnerability in DiskBoss Enterprise v8.2.14 via a crafted HTTP GET request. It includes a reverse shell payload generated by msfvenom and leverages SEH overwrites for execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: DiskBoss Enterprise v8.2.14
No auth needed
Prerequisites: Network access to the target's web interface (port 80) · DiskBoss Enterprise v8.2.14 with management web-console enabled
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by vportal · python · remote · windows
https://www.exploit-db.com/exploits/40869

This exploit targets a SEH-based stack overflow in DiskBoss Enterprise 7.4.28 via a malformed HTTP GET request. It uses a bind shell payload generated by msfvenom to achieve remote code execution on vulnerable Windows systems.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: DiskBoss Enterprise 7.4.28
No auth needed
Prerequisites: Network access to the target · Vulnerable version of DiskBoss Enterprise running on Windows
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by vportal, Ahmad Mahfouz, Gabor Seljan, Jacob Robles · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/diskboss_get_bof.rb

This Metasploit module exploits a stack-based buffer overflow in DiskBoss Enterprise via a maliciously crafted HTTP GET request. It targets specific versions (7.4.28, 7.5.12, 8.2.14) by leveraging SEH overwrites or direct EIP control to achieve remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: DiskBoss Enterprise v7.4.28, v7.5.12, v8.2.14
No auth needed
Prerequisites: Network access to the DiskBoss web interface · Target running a vulnerable version of DiskBoss Enterprise
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4: 10.0
EPSS: 0.0100
EPSS Percentile: 58.2%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Source: Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total

Details

CWE: CWE-20, CWE-787
Status: published
Products (3):
Flexense/DiskBoss Enterprise 7.4.28
Flexense/DiskBoss Enterprise 7.5.12
Flexense/DiskBoss Enterprise 8.2.14
Published: Jul 15, 2025
Tracked Since: Feb 18, 2026