Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component REGET Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0 affecting the REGET command handler, allowing unauthenticated remote attackers to achieve code execution or denial of service. The vulnerability has been publicly disclosed with proof-of-concept code available, and while CVSS 7.3 indicates moderate-to-high severity, the network-accessible attack vector (AV:N), lack of authentication requirements (PR:N), and confirmed public exploit code represent significant real-world risk for exposed FTP services.
Technical ContextAI
FreeFloat FTP Server is a Windows-based FTP server application vulnerable in version 1.0. The vulnerability resides in the REGET command handler—a standard FTP command used to resume interrupted file transfers from a specified byte offset. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow condition where user-controlled input (likely the offset parameter or filename in the REGET command) is not properly validated before being written to a fixed-size stack or heap buffer. The FTP protocol (RFC 959) defines REGET as a non-standard extension, making implementations more prone to inconsistent input validation. The overflow occurs in an 'unknown function' of the command handler, suggesting the vulnerability may be in argument parsing or internal buffer management rather than core FTP protocol logic.
RemediationAI
Primary: Discontinue use of FreeFloat FTP Server 1.0 and migrate to actively maintained FTP server software or preferably adopt SFTP (SSH File Transfer Protocol) or other modern secure file transfer mechanisms. Immediate interim mitigations if replacement is not immediately feasible: (1) Network segmentation—restrict FTP access (TCP/21) to trusted internal networks only, using firewall rules; (2) Disable REGET command via server configuration if supported; (3) Run FTP server with minimal privileges (non-Administrator account) to limit impact of code execution; (4) Monitor FTP server logs for REGET command attempts; (5) Implement IDS/IPS rules to detect buffer overflow attempts targeting REGET with abnormally long parameters. No official patch version is documented; vendor contact information and security advisory links were not provided in available intelligence. Recommend searching FreeFloat's website or contacting vendor directly for patch availability.
More in Freefloat Ftp Server
View allA stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. Rated medium severity (CVSS 6.
FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbit
Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via
Critical buffer overflow vulnerability in the NOOP Command Handler of FreeFloat FTP Server 1.0 that allows remote, unaut
A vulnerability was found in FreeFloat FTP Server 1.0 and classified as problematic. Rated high severity (CVSS 7.5), thi
Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's REIN Command Handler that allows unauthenticated re
Critical buffer overflow vulnerability in the XMKD Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticat
Critical buffer overflow vulnerability in the XCWD Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticat
Critical buffer overflow vulnerability in the RESTART Command Handler of FreeFloat FTP Server 1.0 that allows unauthenti
Critical buffer overflow vulnerability in the PROGRESS Command Handler of FreeFloat FTP Server 1.0 that allows unauthent
Critical buffer overflow vulnerability in the SET Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticate
Critical buffer overflow vulnerability in the HOST Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticat
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-16898