EUVD-2025-16815

CVE-2025-5548 | HIGH | CVSS 3.1: 7.3 | 2025-06-04

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Lifecycle Timeline

Analysis Generated: Mar 14, 2026 - 17:29 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 - 17:29 (euvd), EUVD-2025-16815
PoC Detected: Jun 24, 2025 - 15:21 (vuln.today), public exploit code
CVE Published: Jun 04, 2025 - 01:15 (nvd), HIGH 7.3

Description

A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component NOOP Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Analysis

This is a critical buffer overflow vulnerability in the NOOP Command Handler of FreeFloat FTP Server 1.0 that allows remote, unauthenticated attackers to achieve arbitrary code execution or cause denial of service. The vulnerability has been publicly disclosed with working exploits available, and while the CVSS score of 7.3 indicates moderate severity, the combination of remote exploitability, lack of authentication requirements, and confirmed public disclosure elevates real-world risk significantly.

Technical Context

FreeFloat FTP Server 1.0 implements an FTP (File Transfer Protocol) daemon with a NOOP (No Operation) command handler that improperly validates input buffer lengths. The vulnerability is rooted in CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic stack or heap buffer overflow condition. When processing NOOP commands, the server fails to enforce proper bounds checking on command arguments, allowing an attacker to write beyond allocated memory regions. This affects the FTP control channel protocol (typically TCP port 21) where command parsing occurs. The affected CPE would be cpe:2.3:a:freefloat:freefloat_ftp_server:1.0, with all installation variants vulnerable regardless of configuration.

Affected Products

FreeFloat FTP Server 1.0

Remediation

Contact the FreeFloat vendor to determine whether any patched version exists; if no vendor support is available, the product should be discontinued.

Workaround: Implement network-level ACLs to limit connections to port 21/TCP to trusted sources only.

Mitigation: Configure intrusion detection/prevention systems to monitor for FTP NOOP command overflow patterns.

Long-term: Inventory all systems running FreeFloat FTP Server 1.0 and migrate to supported alternatives.
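One way to express the monitoring described under Mitigation, as an added example that is not part of the original advisory or of any vendor tooling. It relies on RFC 959 defining NOOP without an argument; the sample lines, the function names and the 512-byte ceiling are constructed assumptions.

```python
# Added example: flag FTP control-channel lines where NOOP carries data or
# the line is abnormally long. Sample input and threshold are assumptions.

MAX_COMMAND_LINE = 512  # assumed per-line ceiling; tune to your own clients


def inspect_command(raw: bytes) -> list[str]:
    """Return the reasons one control-channel line looks anomalous."""
    reasons = []
    line = raw.rstrip(b"\r\n")
    verb, _, arg = line.partition(b" ")
    if len(line) > MAX_COMMAND_LINE:
        reasons.append(f"line length {len(line)} exceeds {MAX_COMMAND_LINE}")
    if verb.upper() == b"NOOP" and arg.strip():
        # RFC 959 defines NOOP with no argument, so any payload is suspect.
        reasons.append(f"NOOP carries a {len(arg)}-byte argument")
    if any(b < 0x20 or b > 0x7E for b in line):
        reasons.append("non-printable bytes in command line")
    return reasons


def scan(lines):
    """Yield (index, verb, reasons) for every anomalous line."""
    for i, raw in enumerate(lines):
        reasons = inspect_command(raw)
        if reasons:
            verb = raw.rstrip(b"\r\n").split(b" ", 1)[0][:8]
            yield i, verb.decode("ascii", "replace"), reasons


# Constructed sample traffic (benign filler bytes only).
SAMPLE = [
    b"USER anonymous\r\n",
    b"NOOP\r\n",
    b"NOOP " + b"A" * 600 + b"\r\n",
    b"noop keepalive\r\n",
]

if __name__ == "__main__":
    for idx, verb, reasons in scan(SAMPLE):
        print(f"line {idx} ({verb}): " + "; ".join(reasons))
```

The same two conditions (NOOP followed by any argument, and an over-length command line) translate directly into an IDS content rule on port 21/TCP.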

Priority Score

60
KEV: 0
EPSS: +3.2
CVSS: +36
POC: +20
