webfsd buffer overflow allows RCE (CVE-2025-70314)
CVE-2025-70314
An unauthenticated remote attacker can crash webfsd 1.21 or execute arbitrary code on the host by sending a single crafted request carrying an over-long filename. Update to a patched build immediately.
Patch now: CVE-2025-70314 is a critical buffer overflow in webfsd 1.21. No credentials are needed; anyone who can reach the listening port can trigger it. Upgrade to a patched version of webfsd without delay.
Security Advisory: Critical Buffer Overflow in webfsd 1.21
Overview
A critical security vulnerability has been discovered in webfsd version 1.21, a lightweight, open-source HTTP server for serving static files. The flaw is a buffer overflow, a class of memory-corruption bug, triggered when the server processes a specially crafted request. An attacker exploits it by supplying a filename in the request that is longer than the fixed-size buffer the server copies it into, so the copy writes past the end of that buffer into adjacent memory.
Vulnerability Details
In simple terms, the software does not check the length of the filename it receives before copying it into a fixed-size memory buffer. Imagine a mailbox designed for a single letter; this vulnerability lets an attacker force an entire package into it, and the overflow spills into whatever sits next to it. Here the "spillage" is attacker-controlled bytes overwriting adjacent memory, which at minimum corrupts the server's state (a crash, i.e. denial of service) and, with a carefully constructed request, can redirect the program's control flow so the attacker's code runs with the privileges of the webfsd process. The page does not identify the affected function or whether the buffer lives on the stack or the heap; treat both crash and code execution as realistic outcomes.
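The shape of the bug class described above, as an added illustration (this is not webfsd's code; the page does not identify the affected function, so the buffer size, the `build_path_*` names and the `docroot` layout are assumptions). The unsafe builder copies the request filename with no length check; the hardened builder formats into an explicitly sized buffer and treats truncation as an error instead of proceeding:

```c
/* Added illustration of the bug class in this advisory: a request filename
 * copied into a fixed-size buffer without a length check, beside a bounded
 * version. NOT webfsd's code; PATH_BUF, the function names and "/srv/www"
 * are assumptions for the example. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define PATH_BUF 256   /* assumed fixed-size buffer for the resolved path */

/* Vulnerable pattern: docroot + "/" + name written with no bounds check.
 * A name longer than the space left in out[] writes past the end of the
 * buffer into adjacent memory (the "spillage" described above). It is shown
 * only to make the defect visible; never call it on attacker-controlled input. */
static void build_path_unsafe(char out[PATH_BUF], const char *docroot, const char *name)
{
    strcpy(out, docroot);
    strcat(out, "/");
    strcat(out, name);   /* no check that strlen(docroot)+1+strlen(name) < PATH_BUF */
}

/* Hardened pattern: snprintf with the real buffer size. It returns the length
 * the full string would have had, so n >= outsz means the input did not fit
 * and the request must be rejected rather than served. */
static int build_path_safe(char *out, size_t outsz, const char *docroot, const char *name)
{
    int n = snprintf(out, outsz, "%s/%s", docroot, name);
    if (n < 0 || (size_t)n >= outsz) {
        if (outsz > 0)
            out[0] = '\0';        /* leave no partial path behind */
        errno = ENAMETOOLONG;     /* caller answers with an error status instead */
        return -1;
    }
    return 0;
}

/* Pre-check usable before either builder: does this request fit the buffer? */
static int request_name_fits(const char *docroot, const char *name)
{
    return strlen(docroot) + 1 + strlen(name) < PATH_BUF;
}

/* Resolves a request via the hardened builder; NULL when the name is rejected. */
static const char *resolve_request(const char *docroot, const char *name)
{
    static char out[PATH_BUF];
    return build_path_safe(out, sizeof out, docroot, name) == 0 ? out : NULL;
}

/* Constructed sample input: a filename of 'len' 'A' bytes standing in for the
 * over-long name in a crafted request. Returns 1 if the hardened builder
 * refuses it, 0 if it is accepted. */
static int overlong_name_rejected(size_t len)
{
    char name[1024];
    char out[PATH_BUF];
    if (len >= sizeof name)
        len = sizeof name - 1;
    memset(name, 'A', len);
    name[len] = '\0';
    return build_path_safe(out, sizeof out, "/srv/www", name) == -1;
}

int main(void)
{
    char out[PATH_BUF];
    const char *docroot = "/srv/www";

    /* Benign request: both builders yield the same path. */
    build_path_unsafe(out, docroot, "index.html");
    printf("unsafe: %s\n", out);
    printf("safe:   %s\n", resolve_request(docroot, "index.html"));

    /* Crafted request with a 600-byte name: the safe builder refuses it;
     * the unsafe one would write roughly 350 bytes past the end of out[]. */
    printf("600-byte name rejected by safe builder: %s\n",
           overlong_name_rejected(600) ? "yes" : "no");
    return 0;
}
```

The point to carry into any review of C request handling is the second builder's return check: a bounded copy that silently truncates is still a bug (it can produce a different path than the client asked for), so the caller must fail the request when the name does not fit.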
Potential Impact
The impact of this vulnerability is severe (CVSS score: 9.8). A remote, unauthenticated attacker who can reach the listening port could exploit this flaw to:
- Execute Arbitrary Code: Run malicious commands on the server with the same permissions as the webfsd process, potentially leading to a full system compromise.
- Cause a Denial-of-Service (DoS): Crash the webfsd service, making hosted websites or files inaccessible.
- Pivot to Other Systems: Use the compromised server as a foothold to attack other devices on the internal network.
Any system running the vulnerable version of webfsd and exposed to a network (including internal networks) is at risk.
Remediation and Mitigation
Immediate action is required to protect affected systems.
Primary Remediation:
- Upgrade Immediately: Check with your operating system vendor or the webfsd project for a patched build. Upstream webfs releases are infrequent, so the fix is most likely to arrive through your distribution's package (on Debian and Ubuntu the package is named webfs); apply it as soon as it is available.
- Recompile from Source: If you compile webfsd from source, obtain and use the patched source code from the official repository.
Immediate Mitigations (if patching is delayed):
- Restrict Network Access: Use firewall rules (e.g., iptables, nftables, or a network firewall) to allow connections to whatever port your webfsd instance listens on (commonly 80, 8080 or 443) only from trusted source addresses. Do not expose it to the public internet unless strictly required.
- Run with Least Privilege: Ensure the webfsd process runs under a dedicated, non-root user account with read-only access to the document root and nothing else (webfsd can drop privileges at startup with its -u and -g options; confirm the exact flags against your installed man page). Any code execution then lands in that account rather than root.
- Monitor and Replace: If no fix is forthcoming, replace webfsd with an actively maintained HTTP server. In the meantime, watch for unexpected webfsd crashes or restarts and for requests with unusually long paths in access logs, both of which are consistent with attempts to trigger this flaw.
Action: System administrators should inventory their environments for the use of webfsd 1.21 and apply the patch or mitigations as a high-priority task.