Skip to main content

Freefloat Ftp Server CVE-2025-5550

| EUVDEUVD-2025-16799 HIGH
Buffer Overflow (CWE-119)
2025-06-04 cna@vuldb.com
7.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
EUVD ID Assigned
Mar 14, 2026 - 17:29 euvd
EUVD-2025-16799
Analysis Generated
Mar 14, 2026 - 17:29 vuln.today
PoC Detected
Jun 24, 2025 - 15:21 vuln.today
Public exploit code
CVE Published
Jun 04, 2025 - 01:15 nvd
HIGH 7.3

DescriptionCVE.org

A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this issue is some unknown functionality of the component PBSZ Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's PBSZ Command Handler that allows unauthenticated remote attackers to cause denial of service and potentially achieve code execution with low integrity and confidentiality impact. The vulnerability has been publicly disclosed with exploit code available, increasing real-world exploitation risk; however, the CVSS 7.3 score reflects limited scope and partial confidentiality/integrity impact rather than complete system compromise.

Technical ContextAI

The vulnerability exists in the FTP protocol's PBSZ (Protection Buffer Size) command handler, a mechanism used to negotiate secure data channel parameters in FTP sessions (typically associated with AUTH TLS/SSL extensions per RFC 4217). CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) indicates insufficient input validation on the PBSZ parameter value, causing a classic stack or heap buffer overflow. The FTP protocol itself is inherently insecure and runs on port 21/TCP; the PBSZ command accepts an integer parameter specifying buffer size, which FreeFloat FTP Server 1.0 fails to properly bounds-check before copying to a fixed-size buffer. CPE identifier would be: cpe:2.3:a:freefloat:ftp_server:1.0:*:*:*:*:*:*:* (exact CPE from vendor if available; FreeFloat is a legacy Windows-based FTP server often deployed in legacy environments).

RemediationAI

Primary: Upgrade FreeFloat FTP Server to a patched version if vendor released one (contact FreeFloat/check vendor site for version 1.1+ or replacement); FreeFloat development is defunct/legacy, so patches may not be available—consider migration to maintained FTP server (vsftpd, ProFTPD, IIS FTP on modern Windows). Immediate mitigations: (1) Disable FTP entirely if not required; migrate to SFTP/SCP; (2) Restrict FTP port 21/TCP access via firewall to trusted internal networks only; (3) Run FTP service in a network-isolated or DMZ segment with no direct internet exposure; (4) Implement IDS/IPS rules detecting oversized PBSZ parameter values (e.g., PBSZ values >16MB or non-numeric input); (5) If upgrade path exists, apply immediately; (6) Monitor FTP logs for PBSZ command anomalies or connection drops. No vendor advisory link available; check archived security databases or vendor site directly.

CVE-2012-10023 MEDIUM POC
6.9 Aug 05

A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. Rated medium severity (CVSS 6.

CVE-2012-10030 CRITICAL POC
9.3 Aug 05

FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbit

CVE-2012-5106 CRITICAL POC
10.0 Jun 20

Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via

CVE-2025-5548 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in the NOOP Command Handler of FreeFloat FTP Server 1.0 that allows remote, unaut

CVE-2024-0548 HIGH POC
7.5 Jan 15

A vulnerability was found in FreeFloat FTP Server 1.0 and classified as problematic. Rated high severity (CVSS 7.5), thi

CVE-2025-5667 HIGH POC
7.3 Jun 05

Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's REIN Command Handler that allows unauthenticated re

CVE-2025-5666 HIGH POC
7.3 Jun 05

Critical buffer overflow vulnerability in the XMKD Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticat

CVE-2025-5665 HIGH POC
7.3 Jun 05

Critical buffer overflow vulnerability in the XCWD Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticat

CVE-2025-5664 HIGH POC
7.3 Jun 05

Critical buffer overflow vulnerability in the RESTART Command Handler of FreeFloat FTP Server 1.0 that allows unauthenti

CVE-2025-5596 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0 affecting the REGET command handler, allowing unauthe

CVE-2025-5595 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in the PROGRESS Command Handler of FreeFloat FTP Server 1.0 that allows unauthent

CVE-2025-5594 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in the SET Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticate

Share

CVE-2025-5550 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy