Skip to main content

Freefloat Ftp Server CVE-2025-5665

| EUVDEUVD-2025-17003 HIGH
Buffer Overflow (CWE-119)
2025-06-05 cna@vuldb.com
7.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
EUVD ID Assigned
Mar 14, 2026 - 17:53 euvd
EUVD-2025-17003
Analysis Generated
Mar 14, 2026 - 17:53 vuln.today
PoC Detected
Jun 24, 2025 - 15:22 vuln.today
Public exploit code
CVE Published
Jun 05, 2025 - 15:15 nvd
HIGH 7.3

DescriptionCVE.org

A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component XCWD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Critical buffer overflow vulnerability in the XCWD Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticated remote attackers to cause denial of service and potentially achieve code execution with confidentiality, integrity, and availability impact. The vulnerability has been publicly disclosed with exploit code available, making it an active threat to exposed FTP server instances. With a CVSS score of 7.3 and network-based attack vector requiring no privileges or user interaction, this represents a significant risk to unpatched deployments.

Technical ContextAI

FreeFloat FTP Server 1.0 contains a buffer overflow vulnerability (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) in its XCWD (Extended Change Working Directory) command handler component. The XCWD command is part of the FTP protocol specification and is used to change the server's working directory. The vulnerability arises from insufficient input validation and bounds checking when processing XCWD command arguments, allowing an attacker to write beyond allocated buffer boundaries. CWE-119 is a classic memory safety issue that can lead to stack corruption, heap corruption, or code execution depending on memory layout and exploitation technique. The affected product CPE is likely 'cpe:2.3:a:freefloat:ftp_server:1.0:*:*:*:*:*:*:*' based on the vendor and version information provided.

RemediationAI

Immediate remediation options: (1) PATCH: Upgrade from FreeFloat FTP Server 1.0 to a patched version if available from the vendor; however, no patched version has been publicly announced as of this analysis—contact FreeFloat directly for patch availability and timeline. (2) NETWORK ISOLATION: Disable or restrict FTP access by implementing firewall rules to block inbound FTP connections (ports 20-21) from untrusted networks; allow only necessary internal connections. (3) SERVICE REPLACEMENT: Migrate to actively maintained FTP server alternatives (e.g., vsftpd on Linux, ProFTPD, IIS FTP on Windows) with modern security practices. (4) TEMPORARY MITIGATION: If immediate migration is not feasible, disable XCWD command support via server configuration if such options exist, or implement command filtering at the firewall level. (5) MONITORING: Deploy IDS/IPS rules to detect XCWD command buffer overflow attempts (excessive argument lengths). Recommended priority: Replace or isolate the server within 48-72 hours.

CVE-2012-10023 MEDIUM POC
6.9 Aug 05

A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. Rated medium severity (CVSS 6.

CVE-2012-10030 CRITICAL POC
9.3 Aug 05

FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbit

CVE-2012-5106 CRITICAL POC
10.0 Jun 20

Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via

CVE-2025-5548 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in the NOOP Command Handler of FreeFloat FTP Server 1.0 that allows remote, unaut

CVE-2024-0548 HIGH POC
7.5 Jan 15

A vulnerability was found in FreeFloat FTP Server 1.0 and classified as problematic. Rated high severity (CVSS 7.5), thi

CVE-2025-5667 HIGH POC
7.3 Jun 05

Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's REIN Command Handler that allows unauthenticated re

CVE-2025-5666 HIGH POC
7.3 Jun 05

Critical buffer overflow vulnerability in the XMKD Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticat

CVE-2025-5664 HIGH POC
7.3 Jun 05

Critical buffer overflow vulnerability in the RESTART Command Handler of FreeFloat FTP Server 1.0 that allows unauthenti

CVE-2025-5596 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0 affecting the REGET command handler, allowing unauthe

CVE-2025-5595 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in the PROGRESS Command Handler of FreeFloat FTP Server 1.0 that allows unauthent

CVE-2025-5594 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in the SET Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticate

CVE-2025-5593 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in the HOST Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticat

Share

CVE-2025-5665 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy