CVE-2012-10060 CRITICAL

CVE-2012-10060: Sysax Multi Server < 5.55 SSH Username Buffer Overflow

Vendor Sysax Software
Product Multi Server
Weakness CWE-121
Published August 13, 2025
Last update May 26, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

Sysax Multi Server versions prior to 5.55 contain a stack-based buffer overflow in the SSH service. When a remote attacker supplies an overly long username during authentication, the server copies the input into a fixed-size stack buffer without proper bounds checking. This allows remote code execution in the context of the service.
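The bounds check whose absence is described above, shown as a hardened parser for the user name field of a decrypted SSH_MSG_USERAUTH_REQUEST payload (RFC 4252). This is an added example, not Sysax code: the function names, the 64-byte limit and the sample packets are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SSH_MSG_USERAUTH_REQUEST 50  /* RFC 4252 message number */
#define MAX_USERNAME 64              /* assumed limit, not Sysax's real size */

/* Hypothetical helper: copy the user name out of a decrypted userauth
 * request (type byte, uint32 big-endian length, then the name bytes).
 * Returns 0 = ok, -1 = malformed, -2 = name too long. */
int parse_userauth_username(const uint8_t *pkt, size_t pkt_len,
                            char out[MAX_USERNAME + 1])
{
    if (!pkt || pkt_len < 5 || pkt[0] != SSH_MSG_USERAUTH_REQUEST)
        return -1;
    /* The length field is attacker-controlled; validate before copying. */
    uint32_t n = ((uint32_t)pkt[1] << 24) | ((uint32_t)pkt[2] << 16) |
                 ((uint32_t)pkt[3] << 8) | (uint32_t)pkt[4];
    if (n > pkt_len - 5)
        return -1;                   /* claims more bytes than were received */
    if (n > MAX_USERNAME)
        return -2;                   /* would overrun the fixed-size buffer */
    if (memchr(pkt + 5, '\0', n) != NULL)
        return -1;                   /* embedded NUL would truncate the name */
    memcpy(out, pkt + 5, n);         /* bounded by the checks above */
    out[n] = '\0';
    return 0;
}

/* Constructed sample: a request whose user name is name_len 'A' bytes. */
size_t build_sample(uint8_t *buf, size_t cap, uint32_t name_len)
{
    if (cap < 5 || name_len > cap - 5)
        return 0;
    buf[0] = SSH_MSG_USERAUTH_REQUEST;
    buf[1] = (uint8_t)(name_len >> 24); buf[2] = (uint8_t)(name_len >> 16);
    buf[3] = (uint8_t)(name_len >> 8);  buf[4] = (uint8_t)name_len;
    memset(buf + 5, 'A', name_len);
    return 5 + (size_t)name_len;
}

int main(void)
{
    uint8_t pkt[4096];
    char name[MAX_USERNAME + 1];
    size_t len = build_sample(pkt, sizeof pkt, 8);
    printf("8-byte name:    %d\n", parse_userauth_username(pkt, len, name));
    len = build_sample(pkt, sizeof pkt, 2000);
    printf("2000-byte name: %d\n", parse_userauth_username(pkt, len, name));
    return 0;
}
```

Rejecting the request before the copy, rather than truncating, also gives the server a clean event to log when an oversized user name arrives.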

Key dates

02 Disclosure timeline

August 13, 2025 CVE published
May 26, 2026 Record updated