Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component NOOP Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
Critical buffer overflow vulnerability in the NOOP Command Handler of FreeFloat FTP Server 1.0 that allows remote, unauthenticated attackers to achieve arbitrary code execution or cause denial of service. The vulnerability has been publicly disclosed with working exploits available, and while the CVSS score of 7.3 indicates moderate severity, the combination of remote exploitability, lack of authentication requirements, and confirmed public disclosure elevates real-world risk significantly.
Technical ContextAI
FreeFloat FTP Server 1.0 implements an FTP (File Transfer Protocol) daemon with a NOOP (No Operation) command handler that improperly validates input buffer lengths. The vulnerability is rooted in CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic stack or heap buffer overflow condition. When processing NOOP commands, the server fails to enforce proper bounds checking on command arguments, allowing an attacker to write beyond allocated memory regions. This affects the FTP control channel protocol (typically TCP port 21) where command parsing occurs. The affected CPE would be cpe:2.3:a:freefloat:freefloat_ftp_server:1.0, with all installation variants vulnerable regardless of configuration.
RemediationAI
Contact FreeFloat vendor to determine if any patched version exists; if no vendor support available, product should be discontinued Workaround: Implement network-level ACLs to limit connections to port 21/TCP to trusted sources only Mitigation: Configure intrusion detection/prevention systems to monitor for FTP NOOP command overflow patterns Long-term: Inventory all systems running FreeFloat FTP Server 1.0 and migrate to supported alternatives
Wing FTP Server before 7.4.4 contains a critical remote code execution vulnerability (CVE-2025-47812, CVSS 10.0) through
The FTP (aka "Implementation of a simple FTP client and server") project through 96c1a35 allows remote attackers to caus
Critical buffer overflow vulnerability in PCMan FTP Server 2.0.7's SYSTEM Command Handler that allows unauthenticated re
Critical buffer overflow vulnerability in the SET Command Handler of PCMan FTP Server 2.0.7 that allows remote attackers
Critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 affecting the PLS Command Handler component. Remote att
A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 7.3). Risk factors: public PoC available
Critical buffer overflow vulnerability in the HOST Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticat
Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's SYSTEM Command Handler that allows unauthenticated
Critical buffer overflow vulnerability in the PASV command handler of FreeFloat FTP Server 1.0 that allows unauthenticat
Linux kernel netfilter FTP NAT helper fails to properly initialize sequence adjustment extensions when connection tracki
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-16815