CVE-2025-34108

Summary

A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the libspp.dll component. Successful exploitation allows arbitrary code execution with SYSTEM privileges.

Affected Software

VendorProductVersion RangeStatus
Falconstor SoftwareDisk Pulse Enterprise9.0.34affected

Weaknesses

  • CWE-121: CWE-121 Stack-based Buffer Overflow
  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References