
Ftp CVE-2025-5593

EUVD-2025-16896 | Severity: HIGH
Weakness: Buffer Overflow (CWE-119)
Published: 2025-06-04 (CNA: cna@vuldb.com)
CVSS 3.1 base score: 7.3

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Lifecycle Timeline

EUVD ID Assigned: Mar 14, 2026 - 17:29 (euvd), EUVD-2025-16896
Analysis Generated: Mar 14, 2026 - 17:29 (vuln.today)
PoC Detected: Jun 13, 2025 - 01:00 (vuln.today), public exploit code
CVE Published: Jun 04, 2025 - 16:15 (nvd), rated HIGH 7.3

Description (NVD)

A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component HOST Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Analysis (AI)

Buffer overflow vulnerability in the HOST Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticated remote attackers to trigger a denial of service or potentially achieve code execution. A public exploit has been disclosed, so the vulnerability may be exploited in the wild. With a CVSS score of 7.3 and a network attack vector, this poses significant risk to any organization running the affected FTP server without immediate patching.

Technical Context (AI)

FreeFloat FTP Server 1.0 contains a buffer overflow vulnerability (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) in its HOST command handler component. The HOST command is an FTP extension defined in RFC 7151 (it carries the virtual host name the client wants to connect to), and the server processes it without adequate input validation or bounds checking. When a remote client sends a specially crafted HOST command with an oversized argument, the server fails to check the input length before copying it into a fixed-size buffer (on the stack or heap), resulting in a classic buffer overflow. This memory corruption can lead to a process crash (DoS) or, with careful payload crafting, arbitrary code execution with the privileges of the FTP service (typically SYSTEM or root on many configurations). The vulnerability affects FreeFloat FTP Server version 1.0 specifically (CPE: cpe:2.3:a:freefloat:freefloat_ftp_server:1.0:*:*:*:*:*:*:*).

Remediation (AI)

Immediate actions:

1. Disable or uninstall FreeFloat FTP Server 1.0 if it is no longer required for business operations.
2. If continued use is necessary, immediately isolate the FTP server behind a network firewall, restricting FTP (ports 20/21) access to trusted internal networks only; block all inbound FTP from the internet.
3. Monitor FTP server logs for suspicious HOST commands or connection attempts from unexpected sources.
4. Contact the FreeFloat vendor directly to confirm patch availability for version 1.0. If no patch is available and the product is unsupported, plan an urgent migration to a modern, actively maintained FTP server (e.g., vsftpd, ProFTPD, or Pure-FTPd with current security patches).
5. Implement network-level intrusion detection/prevention (IDS/IPS) rules to detect and block buffer overflow attempts on FTP ports.

No specific patch version is documented; prioritize vendor contact over waiting for patch details.
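As an added example for the log-monitoring step above (not code from vuln.today or from FreeFloat), the script below scans FTP control-channel log lines and flags HOST commands whose argument cannot be a legitimate hostname. The log line format, the 253-byte limit (the maximum length of a DNS name, which is what RFC 7151 says HOST carries) and the allowed-character set are assumptions, and the log lines are constructed samples.

```python
import re

# Constructed sample log: "<date> <time> <client-ip> <COMMAND> [argument]".
# Not real FreeFloat FTP Server output; the format is an assumption.
SAMPLE_LOG = """\
2025-06-13 01:00:01 10.0.0.5 USER anonymous
2025-06-13 01:00:01 10.0.0.5 PASS guest@example.com
2025-06-13 01:00:02 10.0.0.5 HOST ftp.example.com
2025-06-13 01:00:03 192.0.2.77 HOST """ + "A" * 600 + """
2025-06-13 01:00:04 192.0.2.77 HOST host%41%41%41
2025-06-13 01:00:05 10.0.0.9 HOST [2001:db8::1]
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+)(?: (.*))?$")
# A DNS name cannot exceed 253 characters, so a longer HOST argument
# cannot be legitimate regardless of what the vulnerable handler accepts.
MAX_HOSTNAME_LEN = 253
# Conservative allowlist for a hostname or bracketed IP literal (assumed).
HOST_ARG_RE = re.compile(r"^\[?[A-Za-z0-9.:\-]+\]?$")


def check_host_arg(arg):
    """Return a reason string if a HOST argument looks malformed, else None."""
    if not arg:
        return "empty argument"
    if len(arg) > MAX_HOSTNAME_LEN:
        return f"oversized argument ({len(arg)} bytes > {MAX_HOSTNAME_LEN})"
    if not HOST_ARG_RE.match(arg):
        return "non-hostname characters in argument"
    return None


def scan_ftp_log(text):
    """Return (client_ip, reason, argument_length) for each suspicious HOST."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        _ts, client, command, arg = m.groups()
        if command.upper() != "HOST":
            continue
        arg = arg or ""
        reason = check_host_arg(arg)
        if reason:
            findings.append((client, reason, len(arg)))
    return findings


if __name__ == "__main__":
    for client, reason, length in scan_ftp_log(SAMPLE_LOG):
        print(f"ALERT client={client} len={length}: {reason}")
```

Feeding the output into a SIEM or pairing the same length check with an IDS rule on port 21 covers steps 3 and 5 with one detection criterion.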


CVE-2025-5593 vulnerability details – vuln.today
