CVE-2025-9001

Name of the Vulnerable Software and Affected Versions: LemonOS versions prior to nightly-2024-07-13

Description: A stack-based buffer overflow issue exists in the HTTP Client component of LemonOS. The HTTPGet function within the /Applications/Steal/main.cpp file is affected, specifically due to manipulation of the chunkSize argument. This issue can be exploited remotely. The exploit has been disclosed to the public.

Recommendations: Update LemonOS to a version later than nightly-2024-07-12. As a temporary workaround, consider restricting the use of the HTTPGet function until a patch is available.