Skip to main content

Freefloat Ftp Server CVE-2025-5666

| EUVDEUVD-2025-17006 HIGH
Buffer Overflow (CWE-119)
2025-06-05 cna@vuldb.com
7.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
EUVD ID Assigned
Mar 14, 2026 - 17:53 euvd
EUVD-2025-17006
Analysis Generated
Mar 14, 2026 - 17:53 vuln.today
PoC Detected
Jun 24, 2025 - 15:22 vuln.today
Public exploit code
CVE Published
Jun 05, 2025 - 16:15 nvd
HIGH 7.3

DescriptionCVE.org

A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component XMKD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Critical buffer overflow vulnerability in the XMKD Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticated remote attackers to achieve arbitrary code execution with low-impact consequences (confidentiality, integrity, and availability). The vulnerability has been publicly disclosed with exploit code available, making it a significant risk for exposed FTP deployments; however, the CVSS 7.3 score reflects moderate rather than critical severity due to limited impact scope.

Technical ContextAI

FreeFloat FTP Server 1.0 contains a buffer overflow vulnerability (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) in its XMKD command handler. The XMKD command is an FTP protocol extension used to create directories on the server. The vulnerability stems from insufficient bounds checking when processing XMKD command arguments, allowing an attacker to write beyond allocated buffer boundaries. This is a classic stack or heap-based buffer overflow that can be triggered via raw FTP protocol communication on the standard FTP control channel (TCP port 21). The attack requires no authentication (PR:N in CVSS vector) and exploits a flaw in how the server parses and processes user-supplied directory names in the XMKD command.

RemediationAI

Specific remediation steps: (1) Immediate: Disable or restrict network access to the FTP service using firewall rules if the service is not critical; (2) Upgrade: Contact FreeFloat vendor for patched versions (version number unknown from provided data—check vendor website for 1.0.1 or later); (3) Compensating controls: Implement network segmentation to limit FTP access to trusted IP ranges only; deploy IDS/IPS rules to detect and block oversized XMKD command arguments; (4) Long-term: Migrate to actively maintained FTP server alternatives (e.g., vsftpd, ProFTPD, Pure-FTPd) with regular security updates. Note: FreeFloat FTP Server appears to be unmaintained legacy software; consider replacement rather than patching if vendor support is unavailable.

CVE-2012-10023 MEDIUM POC
6.9 Aug 05

A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. Rated medium severity (CVSS 6.

CVE-2012-10030 CRITICAL POC
9.3 Aug 05

FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbit

CVE-2012-5106 CRITICAL POC
10.0 Jun 20

Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via

CVE-2025-5548 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in the NOOP Command Handler of FreeFloat FTP Server 1.0 that allows remote, unaut

CVE-2024-0548 HIGH POC
7.5 Jan 15

A vulnerability was found in FreeFloat FTP Server 1.0 and classified as problematic. Rated high severity (CVSS 7.5), thi

CVE-2025-5667 HIGH POC
7.3 Jun 05

Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's REIN Command Handler that allows unauthenticated re

CVE-2025-5665 HIGH POC
7.3 Jun 05

Critical buffer overflow vulnerability in the XCWD Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticat

CVE-2025-5664 HIGH POC
7.3 Jun 05

Critical buffer overflow vulnerability in the RESTART Command Handler of FreeFloat FTP Server 1.0 that allows unauthenti

CVE-2025-5596 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0 affecting the REGET command handler, allowing unauthe

CVE-2025-5595 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in the PROGRESS Command Handler of FreeFloat FTP Server 1.0 that allows unauthent

CVE-2025-5594 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in the SET Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticate

CVE-2025-5593 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in the HOST Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticat

Share

CVE-2025-5666 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy