CVE-2025-34127

Summary

A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a specially crafted message to the UDP port 9256, an attacker can overwrite the structured exception handler (SEH) due to insufficient bounds checking on user-supplied input leading to remote code execution.

Affected Software

VendorProductVersion RangeStatus
Achat SoftwareAchat Chat Server0.150affected

Weaknesses

  • CWE-121: CWE-121 Stack-based Buffer Overflow
  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References