EUVD-2025-17005

CVE-2025-5667 | HIGH | CVSS 3.1 base score 7.3
Published 2025-06-05

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Lifecycle Timeline

Analysis Generated: Mar 14, 2026 17:53 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 17:53 (euvd), EUVD-2025-17005
PoC Detected: Jun 24, 2025 15:22 (vuln.today), public exploit code
CVE Published: Jun 05, 2025 16:15 (nvd), HIGH 7.3

Description

A vulnerability was found in FreeFloat FTP Server 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component REIN Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Analysis

Buffer overflow in the REIN command handler of FreeFloat FTP Server 1.0, reachable by an unauthenticated remote attacker over the network (AV:N, PR:N, UI:N). The CVSS 3.1 vector scores confidentiality, integrity and availability impact as Low, giving 7.3 (HIGH), even though the CNA description rates the issue critical; a memory corruption bug in a network-facing command parser can in practice give more than the scored impact, so treat 7.3 as a floor rather than a ceiling. Public exploit code has been available since June 2025, which makes this a high-priority finding for any organization still running this server.

Technical Context

FreeFloat FTP Server 1.0 contains a buffer overflow (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) in the handler for the REIN command. REIN (Reinitialize) is a standard FTP control-channel command defined in RFC 959: it terminates the current USER session, flushes I/O and account information (letting a transfer already in progress complete), resets all parameters to their defaults and leaves the control connection open. Two properties of REIN matter here: it takes no argument, and a server must accept it before any login, which is consistent with the Privileges Required: None rating. The defect is insufficient input validation or bounds checking when the server processes the data following the REIN verb on the command line, so an overlong line is written past the end of a fixed-size buffer. This is classic memory corruption that can lead to arbitrary code execution or information leakage. The affected product is identified by CPE strings for FreeFloat FTP Server version 1.0.
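To make the defect pattern concrete, the following is an added example written for this page, not FreeFloat's code and not the published exploit: a hypothetical FTP command-line handler that copies the client's line into a fixed 64-byte buffer with no length check, beside a hardened version that rejects overlong lines before copying and, because REIN takes no argument under RFC 959, answers "REIN <anything>" with a syntax error. The buffer size, the adjacent "saved state" slot and the byte arena that stands in for the stack frame are all assumptions chosen so the overwrite is visible without crashing the process.

```c
/* Hypothetical FTP command-line handling, written for this page: the
 * unbounded-copy pattern behind a CWE-119 overflow in a small FTP daemon,
 * next to a bounded replacement. Not FreeFloat's code. The stack frame is
 * modelled as a byte arena so the overwrite is observable, not a crash. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CMD_BUF   64                       /* assumed fixed-size command buffer */
#define SLOT_LEN  8                        /* adjacent slot standing in for saved state */
#define ARENA_LEN (CMD_BUF + SLOT_LEN + 64)

struct frame { unsigned char arena[ARENA_LEN]; };

static const char SLOT_PATTERN[] = "SAVEDRET";   /* exactly SLOT_LEN bytes */

enum { FTP_OK = 0, FTP_ERR_TOO_LONG = -1, FTP_ERR_SYNTAX = -2 };

static void frame_init(struct frame *f) {
    memset(f->arena, 0, sizeof f->arena);
    memcpy(f->arena + CMD_BUF, SLOT_PATTERN, SLOT_LEN);
}

/* 1 while the slot after the command buffer is untouched, 0 once overwritten. */
static int slot_intact(const struct frame *f) {
    return memcmp(f->arena + CMD_BUF, SLOT_PATTERN, SLOT_LEN) == 0;
}

/* Vulnerable pattern: copy the whole control-channel line into the fixed
 * buffer, trusting the client for its length. The i < ARENA_LEN - 1 guard
 * exists only to keep this demo inside the arena object; the real defect
 * has no bound at all. */
static void vulnerable_handle(struct frame *f, const char *line) {
    size_t i;
    for (i = 0; line[i] != '\0' && i < ARENA_LEN - 1; i++)
        f->arena[i] = (unsigned char)line[i];
    f->arena[i] = '\0';
}

/* Hardened: refuse any line that does not fit before copying, then parse
 * the verb. REIN takes no argument (RFC 959), so "REIN <anything>" is a
 * syntax error (501) instead of data handed to the REIN handler. */
static int hardened_handle(struct frame *f, const char *line, char verb[5]) {
    size_t n = strlen(line), v = 0;
    while (n > 0 && (line[n - 1] == '\r' || line[n - 1] == '\n')) n--;   /* strip CRLF */
    if (n >= CMD_BUF) return FTP_ERR_TOO_LONG;                             /* 500: line too long */
    memcpy(f->arena, line, n);
    f->arena[n] = '\0';
    while (v < n && v < 4 && isalpha((unsigned char)line[v])) {
        verb[v] = (char)toupper((unsigned char)line[v]);
        v++;
    }
    verb[v] = '\0';
    if (v == 0 || (v < n && line[v] != ' ')) return FTP_ERR_SYNTAX;        /* e.g. "REINAAAA" */
    if (strcmp(verb, "REIN") == 0 && v < n) return FTP_ERR_SYNTAX;         /* REIN with an argument */
    return FTP_OK;
}

/* Constructed input: "REIN" [+ ' ' + pad bytes of 'A'] + CRLF. Returns 0 if it does not fit. */
static int rein_line(char *out, size_t cap, size_t pad) {
    if (pad + 8 > cap) return 0;
    memcpy(out, "REIN", 4);
    size_t k = 4;
    if (pad) { out[k++] = ' '; memset(out + k, 'A', pad); k += pad; }
    out[k++] = '\r'; out[k++] = '\n'; out[k] = '\0';
    return 1;
}

/* Feed a REIN line with `pad` filler bytes to the vulnerable copy; returns 1
 * if the adjacent slot survived, 0 if the copy ran over it, -1 if pad is too big. */
int vuln_demo(size_t pad) {
    struct frame f; char line[ARENA_LEN];
    frame_init(&f);
    if (!rein_line(line, sizeof line, pad)) return -1;
    vulnerable_handle(&f, line);
    return slot_intact(&f);
}

/* Feed the same line to the hardened handler; returns FTP_OK or an error code. */
int hardened_demo(size_t pad) {
    struct frame f; char line[ARENA_LEN]; char verb[5];
    frame_init(&f);
    if (!rein_line(line, sizeof line, pad)) return -99;
    return hardened_handle(&f, line, verb);
}

int main(void) {
    printf("vulnerable, pad=8   -> slot intact: %d\n", vuln_demo(8));
    printf("vulnerable, pad=80  -> slot intact: %d\n", vuln_demo(80));
    printf("hardened,   pad=0   -> %d (FTP_OK)\n", hardened_demo(0));
    printf("hardened,   pad=8   -> %d (argument rejected)\n", hardened_demo(8));
    printf("hardened,   pad=80  -> %d (line too long)\n", hardened_demo(80));
    return 0;
}
```

The ordering in `hardened_handle` is the point: the length check runs before any byte is copied, so an oversized line never reaches the verb parser, and the per-command rule (no argument for REIN) is applied on top of that rather than instead of it. A server that only validated the REIN argument would still copy the line first and overflow exactly as the vulnerable version does.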

Affected Products

FreeFloat FTP Server version 1.0 - all installations. The REIN Command Handler component is the attack surface. No evidence of patched versions identified in available intelligence. Legacy nature of version 1.0 suggests this product may no longer receive vendor support or updates.

Remediation

Immediate remediation steps:

(1) Decommission FreeFloat FTP Server 1.0 unless it is operationally critical, replacing it with an actively maintained alternative (e.g., vsftpd, ProFTPD, or a managed file transfer service).
(2) If it must stay: restrict access to the FTP control port to trusted IP ranges only, via firewall rules or network segmentation, so that unauthenticated Internet clients cannot reach it.
(3) Monitor FTP server logs for REIN anomalies: REIN is never sent with an argument by a conforming client, so any REIN line carrying data, any command line far longer than normal, and connections from unexpected sources are all worth alerting on.
(4) Deploy IDS/IPS signatures that match oversized REIN command lines on the control channel.
(5) Contact the FreeFloat vendor for patch availability; if no fixed build exists for version 1.0, plan immediate migration to other FTP server software.
(6) Rate-limit FTP command processing and connection attempts to slow automated scanning. This is a supporting control only: a single oversized command line is enough to trigger the overflow, so rate limiting does not prevent exploitation by itself.

Priority Score

57
Components: KEV 0, EPSS +0.2, CVSS +36, POC +20

EUVD-2025-17005 vulnerability details – vuln.today
