Skip to main content

Freefloat Ftp Server CVE-2025-5595

| EUVDEUVD-2025-16900 HIGH
Buffer Overflow (CWE-119)
2025-06-04 cna@vuldb.com
7.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
EUVD ID Assigned
Mar 14, 2026 - 17:29 euvd
EUVD-2025-16900
Analysis Generated
Mar 14, 2026 - 17:29 vuln.today
PoC Detected
Jun 24, 2025 - 15:21 vuln.today
Public exploit code
CVE Published
Jun 04, 2025 - 17:15 nvd
HIGH 7.3

DescriptionCVE.org

A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component PROGRESS Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Critical buffer overflow vulnerability in the PROGRESS Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticated remote attackers to achieve partial confidentiality, integrity, and availability impacts. The vulnerability affects FreeFloat FTP Server version 1.0 specifically, with a disclosed proof-of-concept exploit available in the public domain, indicating active interest in weaponization.

Technical ContextAI

FreeFloat FTP Server 1.0 contains a buffer overflow (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) in its PROGRESS command handler component. This legacy FTP server implementation lacks proper input validation and bounds checking on command parameters, allowing attackers to write beyond allocated buffer boundaries. FreeFloat FTP Server is a standalone FTP daemon that implements RFC 959 FTP protocol handling. The PROGRESS command, likely a non-standard extension or undocumented feature, processes user-supplied data without adequate length verification, creating a classic stack or heap-based buffer overflow condition. The vulnerability is in the command parsing layer before protocol validation, making it trivially exploitable via direct FTP socket communication.

RemediationAI

Primary Mitigation: Immediate Decommissioning; description: FreeFloat FTP Server 1.0 is legacy software with no active vendor support. Organizations should migrate to modern, actively maintained FTP/SFTP solutions immediately. No official patches are expected. Temporary Mitigation: Network Segmentation; description: If immediate migration is impossible, restrict FTP port access (typically TCP 21) to trusted internal networks only. Implement firewall rules to deny external access. Temporary Mitigation: IDS/IPS Signatures; description: Deploy network intrusion detection signatures targeting buffer overflow attempts in PROGRESS command handlers. Monitor for anomalously long PROGRESS command parameters. Temporary Mitigation: Run-time Protection; description: Deploy Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) on systems running FreeFloat to reduce exploitation reliability. Long-term: Transition to Modern FTP Software; description: Migrate to maintained alternatives: vsftpd (Linux), ProFTPD, Pure-FTPd, or prefer SFTP/SSH File Transfer entirely.

CVE-2012-10023 MEDIUM POC
6.9 Aug 05

A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. Rated medium severity (CVSS 6.

CVE-2012-10030 CRITICAL POC
9.3 Aug 05

FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbit

CVE-2012-5106 CRITICAL POC
10.0 Jun 20

Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via

CVE-2025-5548 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in the NOOP Command Handler of FreeFloat FTP Server 1.0 that allows remote, unaut

CVE-2024-0548 HIGH POC
7.5 Jan 15

A vulnerability was found in FreeFloat FTP Server 1.0 and classified as problematic. Rated high severity (CVSS 7.5), thi

CVE-2025-5667 HIGH POC
7.3 Jun 05

Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's REIN Command Handler that allows unauthenticated re

CVE-2025-5666 HIGH POC
7.3 Jun 05

Critical buffer overflow vulnerability in the XMKD Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticat

CVE-2025-5665 HIGH POC
7.3 Jun 05

Critical buffer overflow vulnerability in the XCWD Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticat

CVE-2025-5664 HIGH POC
7.3 Jun 05

Critical buffer overflow vulnerability in the RESTART Command Handler of FreeFloat FTP Server 1.0 that allows unauthenti

CVE-2025-5596 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0 affecting the REGET command handler, allowing unauthe

CVE-2025-5594 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in the SET Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticate

CVE-2025-5593 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in the HOST Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticat

Share

CVE-2025-5595 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy