CVE-2020-37025
Published: 30 January 2026
Summary
CVE-2020-37025 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Port Forwarding Wizard (inferred from references). Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 5.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2020-37025 is a buffer overflow vulnerability (CWE-120) in Port Forwarding Wizard version 4.8.0, affecting the Register feature on vulnerable Windows systems. The flaw occurs when processing a long request, enabling local attackers to trigger the overflow and potentially execute arbitrary code. The vulnerability carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts.
Local attackers with access to the system can exploit this vulnerability without privileges by crafting a malicious payload that includes an egg tag to overwrite SEH handlers, leading to shellcode execution. This allows full arbitrary code execution, potentially granting attackers control over the affected Windows machine.
Advisories and related resources, including those from Vulncheck and an exploit proof-of-concept on Exploit-DB (ID 48695), detail the issue; the vendor site at port-forwarding.net should be consulted for any patches or updates.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-30951
Vulnerability details
Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code through a long request in the Register feature. Attackers can craft a malicious payload with an egg tag and overwrite SEH handlers to…
more
potentially execute shellcode on vulnerable Windows systems.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local buffer overflow (SEH overwrite) in client software directly enables arbitrary code execution without privileges, mapping to exploitation for privilege escalation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Flaw Remediation directly prevents exploitation by applying vendor patches to fix the buffer overflow vulnerability in the Port Forwarding Wizard Register feature.
Information Input Validation comprehensively addresses the CVE by enforcing bounds checking on long requests to prevent buffer overflows in the Register feature.
Memory Protection mitigates buffer overflow exploitation by implementing DEP, ASLR, and stack canaries to hinder SEH handler overwrites and shellcode execution.