EUVD-2025-21030

CVE-2025-34096 CRITICAL
Published: 2025-07-10
CVSS 4.0: 9.3

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None

Lifecycle Timeline

Analysis Generated: Mar 16, 2026 - 06:52 (vuln.today)
EUVD ID Assigned: Mar 16, 2026 - 06:52 (euvd), EUVD-2025-21030
PoC Detected: Jul 15, 2025 - 13:14 (vuln.today), public exploit code
CVE Published: Jul 10, 2025 - 20:15 (nvd), CRITICAL 9.3

Description

A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2. The flaw is triggered when a crafted POST request is sent to the /sendemail.ghp endpoint containing an overly long Email parameter. The application fails to properly validate the length of this field, resulting in a memory corruption condition. An unauthenticated remote attacker can exploit this to execute arbitrary code with the privileges of the server process.

Analysis

Easy File Sharing HTTP Server version 7.2 contains a stack-based buffer overflow triggered by an oversized Email parameter in POST requests to /sendemail.ghp. Unauthenticated attackers can exploit this for remote code execution on the Windows server.

Technical Context

The /sendemail.ghp endpoint processes the Email POST parameter without bounds checking. An overly long value overflows a stack buffer, overwriting the return address. An attacker can redirect execution to shellcode embedded in the HTTP request.

Affected Products

Easy File Sharing HTTP Server 7.2

Remediation

Replace with a maintained file sharing solution. If the application must remain, restrict access to trusted networks. Enable DEP and ASLR on the Windows host.
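
For the case where the application must remain behind restricted access, a defender-side length check on the Email field, as an added example (not code from vuln.today or the vendor) that a filtering proxy or log pipeline could apply to POST requests for /sendemail.ghp. The 254-byte limit, the names `inspect_request` and `_post`, and the sample requests are assumptions constructed for illustration; the advisory states no overflow length.

```python
from typing import Optional
from urllib.parse import unquote, unquote_plus

# Assumption: the advisory gives no overflow length, so the cut-off is the
# longest e-mail address an SMTP path can carry (254 characters).
MAX_EMAIL_LEN = 254
TARGET_PATH = "/sendemail.ghp"


def inspect_request(raw: bytes) -> Optional[str]:
    """Return a block reason for a raw HTTP request, or None to let it pass."""
    head, _, body = raw.partition(b"\r\n\r\n")
    try:
        method, target, _ = head.split(b"\r\n")[0].decode("latin-1").split(" ", 2)
    except ValueError:
        return "malformed request line"
    # Decode %xx and ignore case so /SendEmail%2Eghp is matched as well
    # (assumption: the Windows server resolves the path case-insensitively).
    path = unquote(target.split("?", 1)[0]).lower()
    if method.upper() != "POST" or path != TARGET_PATH:
        return None
    for pair in body.split(b"&"):
        name, _, value = pair.partition(b"=")
        # Measure the still-encoded value: it is never shorter than the
        # decoded one, so the check holds whichever form the server copies.
        if unquote_plus(name.decode("latin-1")).lower() == "email" \
                and len(value) > MAX_EMAIL_LEN:
            return f"Email field is {len(value)} bytes (limit {MAX_EMAIL_LEN})"
    return None


def _post(path: str, body: bytes) -> bytes:
    """Build a constructed sample request for the demonstration below."""
    return (f"POST {path} HTTP/1.1\r\nHost: files.example\r\n"
            f"Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n").encode() + body


# Constructed samples, not captured traffic.
BENIGN = _post("/sendemail.ghp", b"Email=alice%40example.com&note=hello")
OVERSIZED = _post("/sendemail.ghp", b"Email=" + b"x" * 600 + b"%40example.com")

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(label, "->", inspect_request(req) or "pass")
```

A length filter of this kind narrows exposure only; it does not replace the remediation steps above.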

Priority Score

116
KEV: 0
EPSS: +49.1
CVSS: +46
POC: +20
