Skip to main content

Freefloat Ftp Server CVE-2025-5664

| EUVDEUVD-2025-17004 HIGH
Buffer Overflow (CWE-119)
2025-06-05 cna@vuldb.com
7.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
EUVD ID Assigned
Mar 14, 2026 - 17:53 euvd
EUVD-2025-17004
Analysis Generated
Mar 14, 2026 - 17:53 vuln.today
PoC Detected
Jun 24, 2025 - 15:21 vuln.today
Public exploit code
CVE Published
Jun 05, 2025 - 15:15 nvd
HIGH 7.3

DescriptionCVE.org

A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component RESTART Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Critical buffer overflow vulnerability in the RESTART Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticated remote attackers to cause denial of service and potentially achieve information disclosure or integrity compromise. The vulnerability is classified as critical by the vendor, has a disclosed proof-of-concept, and poses immediate risk to exposed FTP servers; however, the CVSS 7.3 score reflects moderate actual impact (low confidentiality, integrity, and availability) rather than critical severity.

Technical ContextAI

FreeFloat FTP Server is a Windows-based FTP daemon that implements RFC 959 FTP protocol. The vulnerability exists in the RESTART (REST) command handler, which is responsible for setting the restart/resume point for file transfers. The ROOT CAUSE is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic stack or heap buffer overflow. When a malformed REST command with an oversized argument is sent to the FTP server, the handler fails to properly validate input length before copying data into a fixed-size buffer. Since FTP RESTART commands are part of the core protocol and require no authentication (RFC 959 specifies REST as a non-authenticated command), any network-accessible FTP server is vulnerable. The affected CPE would be: cpe:2.3:a:freefloat:freefloat_ftp_server:1.0:*:*:*:*:*:*:* (exact CPE not provided in source but inferred from description). The buffer overflow occurs in memory space controlled by the FTP service process, potentially enabling code execution or crash-based DoS.

RemediationAI

PRIMARY: Upgrade to a patched version of FreeFloat FTP Server if available from vendor (vendor advisory must be consulted—none provided in source). SECONDARY (if no patch exists): (1) Disable FTP service entirely and migrate to SFTP/SSH File Transfer (recommended); (2) Restrict FTP port access via firewall to trusted internal networks only; (3) Run FTP service under a least-privilege account to limit code execution impact; (4) Monitor FTP logs for suspicious REST commands (e.g., unusually long arguments); (5) Deploy intrusion detection signatures to alert on malformed RESTART commands; (6) Consider WAF/IPS rules to drop REST commands with payloads exceeding normal size limits (typically <10 bytes for numeric arguments). PATCH STATUS: Unknown—organization must contact FreeFloat vendor directly. Given the age of FreeFloat 1.0, vendor may have ceased support; in this case, migration to modern FTP/SFTP alternatives is mandatory.

CVE-2012-10023 MEDIUM POC
6.9 Aug 05

A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. Rated medium severity (CVSS 6.

CVE-2012-10030 CRITICAL POC
9.3 Aug 05

FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbit

CVE-2012-5106 CRITICAL POC
10.0 Jun 20

Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via

CVE-2025-5548 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in the NOOP Command Handler of FreeFloat FTP Server 1.0 that allows remote, unaut

CVE-2024-0548 HIGH POC
7.5 Jan 15

A vulnerability was found in FreeFloat FTP Server 1.0 and classified as problematic. Rated high severity (CVSS 7.5), thi

CVE-2025-5667 HIGH POC
7.3 Jun 05

Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's REIN Command Handler that allows unauthenticated re

CVE-2025-5666 HIGH POC
7.3 Jun 05

Critical buffer overflow vulnerability in the XMKD Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticat

CVE-2025-5665 HIGH POC
7.3 Jun 05

Critical buffer overflow vulnerability in the XCWD Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticat

CVE-2025-5596 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0 affecting the REGET command handler, allowing unauthe

CVE-2025-5595 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in the PROGRESS Command Handler of FreeFloat FTP Server 1.0 that allows unauthent

CVE-2025-5594 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in the SET Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticate

CVE-2025-5593 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in the HOST Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticat

Share

CVE-2025-5664 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy