EUVD-2025-16896

CVE-2025-5593 | HIGH 7.3 (CVSS 3.1)
Published 2025-06-04

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Lifecycle Timeline

Analysis Generated: Mar 14, 2026 - 17:29 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 - 17:29 (euvd), EUVD-2025-16896
PoC Detected: Jun 13, 2025 - 01:00 (vuln.today), public exploit code
CVE Published: Jun 04, 2025 - 16:15 (nvd), HIGH 7.3

Description

A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component HOST Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Analysis

Buffer overflow in the HOST command handler of FreeFloat FTP Server 1.0. An unauthenticated client that can reach the FTP control port triggers it with a single oversized HOST argument, crashing the service (denial of service) and potentially gaining code execution in the server process. Public exploit code was detected nine days after publication (see the timeline), so no attacker research is needed; the KEV component of the priority score below is 0, so exploitation in the wild is not recorded. With CVSS 7.3, no privileges, no user interaction and a network attack vector, any instance reachable from untrusted networks should be treated as exploitable today. No vendor fix is known, so reducing exposure rather than patching is the available control.

Technical Context

FreeFloat FTP Server 1.0 contains a buffer overflow (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) in its handler for the HOST command. HOST is the FTP virtual-hosting extension defined in RFC 7151; its argument is a hostname or a bracketed IPv6 literal, so legitimate values are short (a hostname cannot exceed 253 bytes) and drawn from a small alphabet. The handler copies the argument into a fixed-size buffer without checking its length first, so an oversized argument overwrites whatever lies beyond that buffer. At minimum this crashes the server process (DoS); if the attacker controls the bytes that land on saved control data, execution can be redirected to attacker-supplied code running with the privileges of the FreeFloat process. FreeFloat FTP Server is a Windows program, so that code runs as whichever account started the process; unless the deployment was deliberately hardened, assume an interactive user rather than a restricted service account. Note that the CVSS 3.1 vector scores confidentiality, integrity and availability impact as Low, which reflects a crash rather than confirmed code execution; the 7.3 score therefore understates the outcome if execution control is achieved. The CVE applies to version 1.0 specifically (CPE: cpe:2.3:a:freefloat:freefloat_ftp_server:1.0:*:*:*:*:*:*:*).

Affected Products

FreeFloat FTP Server 1.0 (all configurations). Vendor: FreeFloat. Product: FreeFloat FTP Server. Affected version: 1.0. CPE: cpe:2.3:a:freefloat:freefloat_ftp_server:1.0:*:*:*:*:*:*:*. No fixed version is named in the available intelligence, and FreeFloat FTP Server is legacy software whose vendor support status is uncertain; assume every deployed copy is vulnerable until the vendor states otherwise. Locate instances through asset inventory and by scanning internal networks for FTP services, since a small standalone FTP server is easy to install outside managed channels.

Remediation

No fixed version is documented; act on exposure now rather than waiting for patch details.

1. Uninstall FreeFloat FTP Server 1.0 wherever it is no longer required for business operations.
2. If it must remain, restrict access at a network firewall: allow the control channel (TCP 21) and the data ports (TCP 20 for active mode, the server's passive range otherwise) only from trusted internal addresses, and block all inbound FTP from the internet. While no patch exists, network isolation is the control that actually removes the attack surface.
3. Monitor the FTP control channel for anomalous HOST commands: an argument longer than 253 bytes (the maximum length of a hostname) or containing bytes outside the hostname alphabet is an exploitation attempt. Prefer network-side capture (proxy, IDS or packet capture at the boundary) over relying on the server's own logs.
4. Contact FreeFloat to confirm whether a fix exists for version 1.0. If none is available and the product is unsupported, plan an urgent migration to an actively maintained alternative (vsftpd, ProFTPD or Pure-FTPd on Unix-like hosts; an SFTP or FTPS service on Windows) and retire the FreeFloat instance.
5. Deploy IDS/IPS signatures on FTP ports for oversized or malformed HOST arguments so that attempts are blocked and alerted on, not merely logged.
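The unchecked copy described under Technical Context, next to a bounded replacement, and the same length-and-charset predicate reused as the HOST-command detection rule that items 3 and 5 above call for. This is an added illustration, not FreeFloat's code (its source is not public): the 64-byte buffer, the handler's reply codes and the sample lines in main are assumptions; the hostname rules come from RFC 1123 (length) and RFC 7151 (HOST syntax).

```c
/* Illustrative FTP HOST handling: unsafe copy, bounded replacement, and the
 * same predicate as a detection rule. Added example, not FreeFloat's code;
 * HOST_BUF and the reply codes are assumptions, not values from the CVE. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define HOST_BUF      64   /* assumed fixed-size destination buffer */
#define MAX_HOSTNAME 253   /* RFC 1123 ceiling for a complete hostname */

/* The vulnerable pattern: the argument is copied before its length is
 * checked, so any argument of HOST_BUF bytes or more writes past host[].
 * Called below only with a short argument; a long one is the overflow. */
static void host_handler_unsafe(const char *arg)
{
    char host[HOST_BUF];
    strcpy(host, arg);
    printf("220 Host %s accepted\r\n", host);
}

/* Bytes (NUL included) the unsafe copy would write past the end of host[]
 * for a given argument; 0 means the copy fits. */
size_t unsafe_overflow_bytes(const char *arg)
{
    size_t need = strlen(arg) + 1;
    return need > HOST_BUF ? need - HOST_BUF : 0;
}

/* RFC 7151 HOST carries a hostname or a bracketed IPv6 literal. Accept only
 * the bytes those forms can contain and enforce the hostname length cap. */
int host_arg_valid(const char *arg, size_t len)
{
    if (len == 0 || len > MAX_HOSTNAME)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)arg[i];
        if (!(isalnum(c) || c == '-' || c == '.' || c == ':' ||
              c == '[' || c == ']'))
            return 0;
    }
    return 1;
}

/* Locate the argument of a HOST line (verb is case-insensitive). Returns 1
 * and sets *arg/*len for HOST, 0 for any other verb, including "HOSTILE". */
static int split_host_line(const char *line, const char **arg, size_t *len)
{
    static const char verb[] = "HOST";
    for (int i = 0; i < 4; i++)
        if (toupper((unsigned char)line[i]) != verb[i])
            return 0;                      /* a short line fails on its NUL */
    const char *p = line + 4;
    if (*p == ' ')
        p++;
    else if (*p != '\r' && *p != '\n' && *p != '\0')
        return 0;
    *arg = p;
    *len = strcspn(p, "\r\n");
    return 1;
}

/* Hardened handler: validate, then copy with an explicit bound. Returns the
 * FTP reply code: 220 accepted, 501 bad or oversized argument, 500 not HOST. */
int host_handler_safe(const char *line, char *host, size_t hostsz)
{
    const char *arg; size_t len;
    if (!split_host_line(line, &arg, &len))
        return 500;
    if (!host_arg_valid(arg, len) || len >= hostsz)
        return 501;
    memcpy(host, arg, len);
    host[len] = '\0';
    return 220;
}

/* Detection rule for a proxy, IDS or packet-capture review of the control
 * channel: a HOST line whose argument is present but fails the hostname
 * predicate is an exploitation attempt. Same predicate as the handler. */
int host_line_suspicious(const char *line)
{
    const char *arg; size_t len;
    if (!split_host_line(line, &arg, &len))
        return 0;
    return len > 0 && !host_arg_valid(arg, len);
}

int main(void)
{
    /* Constructed sample lines, not captured traffic: a benign HOST and a
     * PoC-style HOST with a 399-byte argument. */
    char payload[400], attack[420], host[HOST_BUF];
    memset(payload, 'A', sizeof payload - 1);
    payload[sizeof payload - 1] = '\0';
    snprintf(attack, sizeof attack, "HOST %s\r\n", payload);
    printf("benign: reply %d suspicious=%d\n",
           host_handler_safe("HOST ftp.example.com\r\n", host, sizeof host),
           host_line_suspicious("HOST ftp.example.com\r\n"));
    printf("PoC-style: reply %d suspicious=%d unsafe copy overruns by %zu\n",
           host_handler_safe(attack, host, sizeof host),
           host_line_suspicious(attack), unsafe_overflow_bytes(payload));
    host_handler_unsafe("ftp.example.com");   /* short argument, fits */
    return 0;
}
```

The `len >= hostsz` check in host_handler_safe is what closes the overflow on its own; host_arg_valid is defence in depth that also rejects arguments no real client would send. Expressed as an IDS rule, host_line_suspicious becomes: match `HOST ` at the start of a client-to-server FTP control payload and alert when the argument is longer than 253 bytes or contains bytes outside letters, digits, `-`, `.`, `:`, `[` and `]`.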

Priority Score

57 (scale: Low / Medium / High / Critical)

KEV: 0
EPSS: +0.2
CVSS: +36
POC: +20


EUVD-2025-16896 vulnerability details – vuln.today
