CVE-2025-34127

Vulnerability Description

A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a specially crafted message to the UDP port 9256, an attacker can overwrite the structured exception handler (SEH) due to insufficient bounds checking on user-supplied input leading to remote code execution.

Related Weaknesses (CWE)

CWE-94 CWE-121

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exp
https://www.exploit-db.com/exploits/36056
https://www.vulncheck.com/advisories/achat-seh-buffer-overflow

FAQ

What is CVE-2025-34127?

CVE-2025-34127 is a documented vulnerability. A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a specially crafted message to the UDP port 9256, an attacker can overwrite the structured exception handl...

How severe is CVE-2025-34127?

CVSS scoring is not yet available for CVE-2025-34127. Check NVD for updates.

Is there a patch for CVE-2025-34127?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.