Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. This vulnerability affects unknown code of the component PLS Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
Critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 affecting the PLS Command Handler component. Remote attackers can exploit this flaw without authentication or user interaction to achieve confidentiality, integrity, and availability impacts. Public exploit code is available and the vulnerability may be actively exploited in the wild.
Technical ContextAI
PCMan FTP Server is a lightweight FTP (File Transfer Protocol) server implementation. The vulnerability exists in the PLS Command Handler—a component responsible for parsing and processing the PLS protocol command. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow vulnerability where untrusted input from remote FTP clients is not properly validated before being written to a fixed-size buffer. This allows an attacker to overflow the buffer, potentially corrupting adjacent memory, executing arbitrary code, or causing denial of service. The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring no authentication (PR:N) or user interaction (UI:N), making exploitation straightforward.
Wing FTP Server before 7.4.4 contains a critical remote code execution vulnerability (CVE-2025-47812, CVSS 10.0) through
Critical buffer overflow vulnerability in the NOOP Command Handler of FreeFloat FTP Server 1.0 that allows remote, unaut
The FTP (aka "Implementation of a simple FTP client and server") project through 96c1a35 allows remote attackers to caus
Critical buffer overflow vulnerability in PCMan FTP Server 2.0.7's SYSTEM Command Handler that allows unauthenticated re
Critical buffer overflow vulnerability in the SET Command Handler of PCMan FTP Server 2.0.7 that allows remote attackers
A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 7.3). Risk factors: public PoC available
Critical buffer overflow vulnerability in the HOST Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticat
Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's SYSTEM Command Handler that allows unauthenticated
Critical buffer overflow vulnerability in the PASV command handler of FreeFloat FTP Server 1.0 that allows unauthenticat
Linux kernel netfilter FTP NAT helper fails to properly initialize sequence adjustment extensions when connection tracki
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-16958