Severity by source
NVD (primary rating; the only source for this CVE): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Description (CVE.org)
A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component PASSIVE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Analysis (AI-generated)
Critical buffer overflow in the PASSIVE command handler of FreeFloat FTP Server 1.0. An unauthenticated remote attacker can trigger it to cause a denial of service and potentially achieve code execution; the NVD vector rates the confidentiality, integrity and availability impacts as low. The vulnerability has been publicly disclosed and a public exploit exists, so it is an active threat to any organization still running this legacy FTP server.
Technical Context (AI-generated)
FreeFloat FTP Server 1.0 contains an improper bounds-checking flaw (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) in the component that handles the PASSIVE command (PASV in RFC 959). That command starts a passive-mode transfer, in which the server opens a listening data port and the client connects to it. The overflow occurs while the handler processes the command's arguments or builds its response, most likely in stack-allocated buffers holding connection parameters such as IP addresses or port numbers. It is a classic memory-safety defect: missing input-length validation lets an attacker write past the end of a fixed-size buffer, corrupting the stack and potentially overwriting the return address or other control data.
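As an added example (not FreeFloat's code and not derived from the exploit), the following C shows the defensive pattern that prevents this defect class: an FTP command line is split into fixed-size buffers only after its length has been checked against each destination, and PASV/PASSIVE, which takes no argument in RFC 959, rejects any argument. The buffer sizes, the 512-byte line limit and the helper names are assumptions; the CWE and RFC references are the ones cited above.

```c
#include <ctype.h>
#include <string.h>
#define LINE_MAX_LEN 512 /* assumed maximum command line, CRLF included */
#define CMD_MAX_LEN  8   /* hypothetical command buffer size */
#define ARG_MAX_LEN  64  /* hypothetical argument buffer size */
/* Guards against the CWE-119 pattern of copying a client-supplied argument into
 * a fixed stack buffer unchecked (e.g. strcpy(arg, client_argument)): every copy
 * below is preceded by a check against the destination size.
 * Returns 0 on success, else an RFC 959 reply code: 500 (bad syntax or line too
 * long), 501 (argument too long for its buffer). */
static int parse_ftp_line(const char *line, char *cmd, size_t cmdsz,
                          char *arg, size_t argsz)
{
    size_t len = 0;
    while (len <= LINE_MAX_LEN && line[len] != '\0') len++; /* bounded scan */
    if (len > LINE_MAX_LEN || len < 3 || line[len - 2] != '\r' || line[len - 1] != '\n')
        return 500;                       /* reject before anything is copied */
    size_t body = len - 2, c = 0;
    while (c < body && line[c] != ' ') c++;
    if (c == 0 || c >= cmdsz) return 500; /* command would not fit its buffer */
    for (size_t i = 0; i < c; i++) cmd[i] = (char)toupper((unsigned char)line[i]);
    cmd[c] = '\0';
    size_t a0 = (c < body) ? c + 1 : body, alen = body - a0;
    if (alen >= argsz) return 501;        /* refuse instead of silently truncating */
    memcpy(arg, line + a0, alen);
    arg[alen] = '\0';
    return 0;
}

/* PASV (the advisory's "PASSIVE") takes no argument in RFC 959. */
int handle_ftp_line(const char *line)
{
    char cmd[CMD_MAX_LEN], arg[ARG_MAX_LEN];
    int rc = parse_ftp_line(line, cmd, sizeof cmd, arg, sizeof arg);
    if (rc != 0) return rc;
    if (strcmp(cmd, "PASV") == 0 || strcmp(cmd, "PASSIVE") == 0)
        return arg[0] == '\0' ? 227 : 501; /* 227 = Entering Passive Mode */
    return 502;                            /* other commands not implemented here */
}

/* Constructed test input (not captured traffic): prefix + n filler bytes + CRLF.
 * Static buffer: callers must keep strlen(prefix) + n below 1020. */
const char *constructed_line(const char *prefix, size_t n)
{
    static char buf[1024];
    size_t p = strlen(prefix);
    memcpy(buf, prefix, p);
    memset(buf + p, 'A', n);
    memcpy(buf + p + n, "\r\n", 3);
    return buf;
}
```

An oversized line is refused with 500 before any byte reaches a stack buffer, which is the check whose absence the analysis above describes.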
Remediation (AI-generated)
Immediate mitigation steps:
1. Discontinue use. FreeFloat FTP Server 1.0 is ancient and unsupported; migrate to a maintained FTP server (ProFTPD, vsftpd, IIS FTP on Windows) or, preferably, to SFTP over SSH.
2. If migration is not possible in the short term, restrict FTP connections to trusted IP ranges with firewall rules, and disable passive mode if only active mode is needed.
3. No patch exists for this legacy software: the vendor no longer supports FreeFloat FTP Server 1.0. Monitor vendor advisories at freefloat.com (if still operational).
4. Deploy IDS/IPS signatures that detect oversized or malformed PASSIVE command payloads.
5. Run the server on systems with modern exploit mitigations (ASLR, DEP/NX, stack canaries) enabled to reduce exploitability even if the overflow is triggered; note that these protections cover a legacy binary only if it was built for them or the OS policy forces them on.
EUVD ID: EUVD-2025-16872