QwikSec

Security Database

CVE

CWE

Training

CVE-2025-34096

Published: Jul 10, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2. The flaw is triggered when a crafted POST request is sent to the /sendemail.ghp endpoint containing an overly long Email parameter. The application fails to properly validate the length of this field, resulting in a memory corruption condition. An unauthenticated remote attacker can exploit this to execute arbitrary code with the privileges of the server process.

Vendor	Product	Versions
EFS Software Inc.	Easy File Sharing HTTP Server	affected `7.2`

Weaknesses (CWE)

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/easyfilesharing_post.rb

exploit

https://www.exploit-db.com/exploits/42186

exploit

https://vulncheck/advisories/easy-file-sharing-http-server-buffer-overflow

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2025-34096 - Security Vulnerability | QwikSec