
Freefloat Ftp Server EUVD-2025-17003 | CVE-2025-5665 HIGH

Buffer Overflow (CWE-119)
2025-06-05 cna@vuldb.com
CVSS 3.1: 7.3

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Lifecycle Timeline (4 events)

EUVD ID Assigned: Mar 14, 2026 - 17:53 (euvd), EUVD-2025-17003
Analysis Generated: Mar 14, 2026 - 17:53 (vuln.today)
PoC Detected: Jun 24, 2025 - 15:22 (vuln.today), public exploit code
CVE Published: Jun 05, 2025 - 15:15 (nvd), HIGH 7.3

Description (NVD)

A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component XCWD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Analysis (AI)

A critical buffer overflow vulnerability in the XCWD Command Handler of FreeFloat FTP Server 1.0 allows unauthenticated remote attackers to cause denial of service and potentially achieve code execution, with confidentiality, integrity, and availability impact. The vulnerability has been publicly disclosed and exploit code is available, making it an active threat to exposed FTP server instances. With a CVSS score of 7.3 and a network-based attack vector requiring no privileges or user interaction, this represents a significant risk to unpatched deployments.

Technical Context (AI)

FreeFloat FTP Server 1.0 contains a buffer overflow vulnerability (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) in its XCWD (Extended Change Working Directory) command handler component. The XCWD command is part of the FTP protocol specification and is used to change the server's working directory. The vulnerability arises from insufficient input validation and bounds checking when processing XCWD command arguments, allowing an attacker to write beyond allocated buffer boundaries. CWE-119 is a classic memory safety issue that can lead to stack corruption, heap corruption, or code execution depending on memory layout and exploitation technique. The affected product CPE is likely 'cpe:2.3:a:freefloat:ftp_server:1.0:*:*:*:*:*:*:*' based on the vendor and version information provided.

Remediation (AI)

Immediate remediation options:

(1) PATCH: Upgrade from FreeFloat FTP Server 1.0 to a patched version if available from the vendor; however, no patched version has been publicly announced as of this analysis, so contact FreeFloat directly for patch availability and timeline.
(2) NETWORK ISOLATION: Disable or restrict FTP access by implementing firewall rules to block inbound FTP connections (ports 20-21) from untrusted networks; allow only necessary internal connections.
(3) SERVICE REPLACEMENT: Migrate to actively maintained FTP server alternatives (e.g., vsftpd on Linux, ProFTPD, IIS FTP on Windows) with modern security practices.
(4) TEMPORARY MITIGATION: If immediate migration is not feasible, disable XCWD command support via server configuration if such options exist, or implement command filtering at the firewall level.
(5) MONITORING: Deploy IDS/IPS rules to detect XCWD command buffer overflow attempts (excessive argument lengths).

Recommended priority: Replace or isolate the server within 48-72 hours.
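The monitoring and command-filtering options above, sketched as an added example (not part of the advisory or of any vendor tooling): a check that flags XCWD commands with overlong arguments in client-to-server FTP control-channel bytes. The 255-byte threshold, the function names and the sample traffic are assumptions made for illustration.

```python
# Added example: flag overlong XCWD arguments on an FTP control channel.
from dataclasses import dataclass

MAX_ARG_LEN = 255        # assumed threshold; tune to the longest legitimate path
WATCHED = {b"XCWD"}      # the command named in the advisory


@dataclass
class Alert:
    command: str
    arg_len: int
    terminated: bool     # False when the line end had not arrived yet


def inspect_stream(data: bytes, max_len: int = MAX_ARG_LEN) -> list[Alert]:
    """Scan client-to-server control-channel bytes and return alerts."""
    alerts = []
    # FTP commands end in CRLF; tolerate a bare LF from unusual clients.
    lines = data.replace(b"\r\n", b"\n").split(b"\n")
    for i, line in enumerate(lines):
        verb, _, arg = line.partition(b" ")
        if verb.upper() not in WATCHED:   # verbs are case-insensitive
            continue
        if len(arg) > max_len:
            # The final fragment has no terminator: an unfinished line that
            # is already too long is reported without waiting for the rest.
            terminated = i < len(lines) - 1
            alerts.append(Alert(verb.upper().decode("ascii"), len(arg), terminated))
    return alerts


def should_drop(data: bytes) -> bool:
    """Policy helper for an inline filter: drop the session on any alert."""
    return bool(inspect_stream(data))


# Constructed sample traffic (not captured from a real session).
SAMPLE = (
    b"USER anonymous\r\n"
    b"PASS guest@example.invalid\r\n"
    b"XCWD /pub/docs\r\n"                 # normal length, no alert
    b"xcwd " + b"A" * 600 + b"\r\n"       # overlong argument, lower-case verb
    b"CWD " + b"B" * 600 + b"\r\n"        # not in WATCHED, ignored here
)

if __name__ == "__main__":
    for alert in inspect_stream(SAMPLE):
        print(alert)
```

Add other verbs to WATCHED if the same length policy should apply to them.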
