Buffer overflow in InterSystems Corporation Caché

CVE-2009-20005

A stack-based buffer overflow exists in the UtilConfigHome.csp endpoint of InterSystems Caché 2009.1. The vulnerability is triggered by sending a specially crafted HTTP GET request containing an oversized argument to the .csp handler. Due…

Vulnerability class: Buffer Overflow

EPSS: 0.693 (98.7th percentile)

Frequently asked questions

What is CVE-2009-20005?
CVE-2009-20005 is a vulnerability in InterSystems Corporation Caché, classified under Stack-based Buffer Overflow. Published 2025-09-16.

Is CVE-2009-20005 known to be exploited?
2 public proof-of-concept repositories are indexed. It is not currently listed in the CISA KEV catalog.