← back
CVE-2025-34096

Easy File Sharing HTTP Server 7.2 Buffer Overflow via POST to /sendemail.ghp

CVSS 9.3 CRITICALEPSS 1.1%CWE-119
A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2. The flaw is triggered when a crafted POST request is sent to the /sendemail.ghp endpoint containing an overly long Email parameter. The application fails to properly validate the length of this field, resulting in a memory corruption condition. An unauthenticated remote attacker can exploit this to execute arbitrary code with the privileges of the server process.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
EFS Software Inc. · Easy File Sharing HTTP Server
public PoCs found3
githubgithub.com/TheMalwareGuardian/CVE-2025-340960cve_referenceraw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/easyfilesharing_post.rbunverifiedcve_referencewww.exploit-db.com/exploits/42186unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/easyfilesharing_post.rbhttps://vulncheck/advisories/easy-file-sharing-http-server-buffer-overflowhttps://www.exploit-db.com/exploits/42186