Skip to main content

Freefloat Ftp Server EUVDEUVD-2025-16796

| CVE-2025-5547 HIGH
Buffer Overflow (CWE-119)
2025-06-04 cna@vuldb.com
7.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
EUVD ID Assigned
Mar 14, 2026 - 17:29 euvd
EUVD-2025-16796
Analysis Generated
Mar 14, 2026 - 17:29 vuln.today
PoC Detected
Jun 24, 2025 - 15:20 vuln.today
Public exploit code
CVE Published
Jun 04, 2025 - 00:15 nvd
HIGH 7.3

DescriptionCVE.org

A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. This issue affects some unknown processing of the component CDUP Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0 affecting the CDUP (Change Directory Up) command handler, allowing unauthenticated remote attackers to achieve code execution or denial of service. The vulnerability has been publicly disclosed with exploit code available, and the CVSS 7.3 score reflects moderate-to-high severity with low attack complexity and no privileges required. This is a high-priority issue for organizations running legacy FTP infrastructure, particularly given the remote, unauthenticated attack vector and public exploit availability.

Technical ContextAI

FreeFloat FTP Server 1.0 is a legacy FTP server implementation. The vulnerability exists in the CDUP command handler—a standard FTP command used to navigate up one directory level in the server's file system hierarchy. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow condition where input validation on the CDUP command is insufficient, allowing an attacker to write beyond allocated buffer boundaries. The FTP protocol operates over TCP port 21 and accepts commands in plaintext; the CDUP handler's failure to properly bounds-check or sanitize directory traversal input creates a memory safety violation. CPE identifier for affected product: cpe:2.3:a:freefloat:ftp_server:1.0:*:*:*:*:*:*:*. Legacy FTP implementations, particularly those written in unsafe languages (C/C++) without modern buffer protection mechanisms, are commonly vulnerable to this class of overflow.

RemediationAI

  • action: Immediate Patching; details: Upgrade FreeFloat FTP Server to a patched version. As of the CVE disclosure date (2025), verify latest stable release availability from the vendor. If no patch is available, this product should be considered end-of-life and replaced.; priority: Critical
  • action: Network Segmentation; details: Restrict FTP (TCP 21) access to trusted IP ranges only via firewall rules. Disable external FTP access if possible; consider VPN-gating or IP whitelisting. FTP should not be directly internet-facing.; priority: High
  • action: Protocol Migration; details: Migrate from FTP to SFTP (SSH File Transfer Protocol) or FTPS (FTP over TLS). Modern implementations using well-maintained libraries (OpenSSL, libssh2) significantly reduce buffer overflow risk.; priority: High
  • action: Monitoring & IDS; details: Deploy IDS/IPS signatures to detect malformed CDUP commands with unusually long arguments or payload patterns. Monitor FTP server logs for crash events or unexpected terminations indicating exploitation attempts.; priority: Medium
  • action: Asset Inventory; details: Scan internal network for FreeFloat FTP Server 1.0 instances using port 21 banners (nmap -sV -p21) or vulnerability scanners (Nessus, OpenVAS). Document business criticality and create remediation timeline.; priority: High
  • action: If Patching Unavailable; details: Disable CDUP command if server configuration allows selective command filtering. Implement reverse proxy/WAF with CDUP command blocking. Consider running FTP server in a containerized or VM sandbox to limit blast radius.; priority: Medium
CVE-2012-10023 MEDIUM POC
6.9 Aug 05

A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. Rated medium severity (CVSS 6.

CVE-2012-10030 CRITICAL POC
9.3 Aug 05

FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbit

CVE-2012-5106 CRITICAL POC
10.0 Jun 20

Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via

CVE-2025-5548 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in the NOOP Command Handler of FreeFloat FTP Server 1.0 that allows remote, unaut

CVE-2024-0548 HIGH POC
7.5 Jan 15

A vulnerability was found in FreeFloat FTP Server 1.0 and classified as problematic. Rated high severity (CVSS 7.5), thi

CVE-2025-5667 HIGH POC
7.3 Jun 05

Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's REIN Command Handler that allows unauthenticated re

CVE-2025-5666 HIGH POC
7.3 Jun 05

Critical buffer overflow vulnerability in the XMKD Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticat

CVE-2025-5665 HIGH POC
7.3 Jun 05

Critical buffer overflow vulnerability in the XCWD Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticat

CVE-2025-5664 HIGH POC
7.3 Jun 05

Critical buffer overflow vulnerability in the RESTART Command Handler of FreeFloat FTP Server 1.0 that allows unauthenti

CVE-2025-5596 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0 affecting the REGET command handler, allowing unauthe

CVE-2025-5595 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in the PROGRESS Command Handler of FreeFloat FTP Server 1.0 that allows unauthent

CVE-2025-5594 HIGH POC
7.3 Jun 04

Critical buffer overflow vulnerability in the SET Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticate

Share

EUVD-2025-16796 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy