Description
A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2. The flaw is triggered when a crafted POST request is sent to the /sendemail.ghp endpoint containing an overly long Email parameter. The application fails to properly validate the length of this field, resulting in a memory corruption condition. An unauthenticated remote attacker can exploit this to execute arbitrary code with the privileges of the server process.
Published: 2025-07-10
Score: 9.3 Critical
EPSS: 53.3% High
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A stack-based buffer overflow exists in Easy File Sharing HTTP Server version 7.2. The flaw is triggered by a long Email parameter in a POST request to the /sendemail.ghp endpoint. The lack of length validation corrupts the stack, allowing an unauthenticated attacker to run arbitrary code with the privileges of the server process. The vulnerability is a classic buffer overflow, identified as CWE-119.

Affected Systems

EFS Software Inc. Easy File Sharing HTTP Server version 7.2 is affected. No other versions or products are currently known to be vulnerable.

Risk and Exploitability

The CVSS score of 9.3 highlights a high severity remote exploitation risk, while the EPSS of 53% indicates it is likely to be actively exploited. The vulnerability is not listed in the CISA KEV catalog, but the attack vector is a remote unauthenticated POST to /sendemail.ghp, which can be leveraged to achieve full remote code execution on the underlying server.

Generated by OpenCVE AI on April 28, 2026 at 01:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Easy File Sharing HTTP Server to the latest official release that resolves the buffer overflow (or apply any vendor patch if available).
  • Modify server configuration to enforce strict length limits on the Email field received by /sendemail.ghp, rejecting requests that exceed safe bounds. This mitigates the buffer overflow by preventing the stack corruption before it occurs.
  • Deploy a web application firewall rule or network filter to block or scrutinize POST requests to /sendemail.ghp, especially from untrusted IPs, and drop payloads that exceed a configured safe size threshold.

Generated by OpenCVE AI on April 28, 2026 at 01:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-21030 A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2. The flaw is triggered when a crafted POST request is sent to the /sendemail.ghp endpoint containing an overly long Email parameter. The application fails to properly validate the length of this field, resulting in a memory corruption condition. An unauthenticated remote attacker can exploit this to execute arbitrary code with the privileges of the server process.
History

Fri, 21 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Efssoft
Efssoft easy File Sharing Web Server
CPEs cpe:2.3:a:efssoft:easy_file_sharing_web_server:7.2:*:*:*:*:*:*:*
Vendors & Products Efssoft
Efssoft easy File Sharing Web Server

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00157}

 epss

{'score': 0.00207}

Fri, 11 Jul 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00157}

Fri, 11 Jul 2025 13:30:00 +0000

Type Values Removed Values Added
Metrics epss

{}

Thu, 10 Jul 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 10 Jul 2025 19:30:00 +0000

Type Values Removed Values Added
Description A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2. The flaw is triggered when a crafted POST request is sent to the /sendemail.ghp endpoint containing an overly long Email parameter. The application fails to properly validate the length of this field, resulting in a memory corruption condition. An unauthenticated remote attacker can exploit this to execute arbitrary code with the privileges of the server process.
Title Easy File Sharing HTTP Server 7.2 Buffer Overflow via POST to /sendemail.ghp
Weaknesses CWE-119
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Efssoft Easy File Sharing Web Server
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-07T14:09:26.038Z

Reserved: 2025-04-15T19:15:22.555Z

Link: CVE-2025-34096

cve-icon Vulnrichment

Updated: 2025-07-10T20:27:58.715Z

cve-icon NVD

Status : Deferred

Published: 2025-07-10T20:15:25.110

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-34096

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T01:15:15Z

Weaknesses