CVE-2025-8760

CRITICAL

INSTAR 2K+/4K <3.11.1.1124 - Buffer Overflow

Title source: llm

Description

A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. This affects the function base64_decode of the component fcgi_server. The manipulation of the argument Authorization leads to buffer overflow. It is possible to initiate the attack remotely.

Exploits (1)

github WORKING POC 4 stars

by born0monday · pythonpoc

https://github.com/born0monday/CVE-2025-8760

View Code ZIP pw:eip

References (3)

[Various Sources] https://modzero.com/static/MZ-25-03_modzero_INSTAR.pdf

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.319863

[Permissions Required, VDB Entry] https://vuldb.com/?id.319863

Scores

CVSS v3 9.8

EPSS 0.0018

EPSS Percentile 38.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119 CWE-120

Status published

Products (2)

INSTAR/2K+ 3.11.1 Build 1124

INSTAR/4K 3.11.1 Build 1124

Published Aug 13, 2025

Tracked Since Feb 18, 2026