Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component SET Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
Critical buffer overflow vulnerability in the SET Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticated remote attackers to trigger memory corruption with potential for code execution or service disruption. The vulnerability has been publicly disclosed with exploit code available, increasing immediate risk of active exploitation in the wild. With a CVSS score of 7.3 and network-accessible attack vector requiring no privileges or user interaction, this represents a significant threat to any FTP infrastructure running the affected version.
Technical ContextAI
FreeFloat FTP Server 1.0 contains an input validation flaw in its SET command handler component, which fails to properly bounds-check user-supplied data before writing to a fixed-size buffer. This is a classic stack-based or heap-based buffer overflow (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer), a memory safety violation that allows attackers to overwrite adjacent memory regions. The FTP protocol's command-based architecture means the SET command is directly accessible over the network without prior authentication, making this trivially reachable. The vulnerability likely resides in the command parsing logic where the handler processes arguments without adequate length validation before copying them into an internal buffer.
More in Freefloat Ftp Server
View allA stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. Rated medium severity (CVSS 6.
FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbit
Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via
Critical buffer overflow vulnerability in the NOOP Command Handler of FreeFloat FTP Server 1.0 that allows remote, unaut
A vulnerability was found in FreeFloat FTP Server 1.0 and classified as problematic. Rated high severity (CVSS 7.5), thi
Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's REIN Command Handler that allows unauthenticated re
Critical buffer overflow vulnerability in the XMKD Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticat
Critical buffer overflow vulnerability in the XCWD Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticat
Critical buffer overflow vulnerability in the RESTART Command Handler of FreeFloat FTP Server 1.0 that allows unauthenti
Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0 affecting the REGET command handler, allowing unauthe
Critical buffer overflow vulnerability in the PROGRESS Command Handler of FreeFloat FTP Server 1.0 that allows unauthent
Critical buffer overflow vulnerability in the HOST Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticat
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-16895