CVE-2019-25329

7.5 HIGH

📋 TL;DR

CVE-2019-25329 is a buffer overflow vulnerability in FTP Navigator 8.03 that lets an attacker crash the application (denial of service) by overwriting the Structured Exception Handler with malicious input. Users of FTP Navigator 8.03 on Windows systems are affected. The vulnerability is triggered when an attacker's payload is pasted into the custom command input field.

💻 Affected Systems

Products:
  • FTP Navigator
Versions: 8.03
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the custom command input functionality. All installations of version 8.03 are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete application crash and denial of service, potentially disrupting file transfer operations and causing data loss if transfers are interrupted.

🟠 Likely Case

Application crash requiring restart, temporary disruption of FTP operations, and potential loss of unsaved work or interrupted transfers.

🟢 If Mitigated

Minimal impact with proper input validation and application hardening in place.

🌐 Internet-Facing: MEDIUM - Requires user interaction (pasting payload) but could be exploited through social engineering or compromised websites.
🏢 Internal Only: MEDIUM - Internal users with access could intentionally or accidentally trigger the crash.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction: the payload must be pasted into the application. Public exploit code is available and uses a specific payload pattern (4108 'A' + 4 'B' + 40 'C').

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://www.internet-soft.com/

Restart Required: No

Instructions:

No official patch available. Consider upgrading to newer versions if available or using alternative FTP clients.

🔧 Temporary Workarounds

Disable Custom Command Input

Restrict or disable the custom command input functionality in FTP Navigator to prevent exploitation.

Application Hardening

Run FTP Navigator with reduced privileges and implement application whitelisting to prevent unauthorized code execution.

🧯 If You Can't Patch

  • Replace FTP Navigator with alternative FTP client software
  • Implement network segmentation to isolate FTP Navigator systems from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Check FTP Navigator version in Help > About. If version is 8.03, the system is vulnerable.

Check Version:

Check the Help > About menu in the FTP Navigator application.

Verify Fix Applied:

Test by attempting to paste the exploit payload (4108 'A' + 4 'B' + 40 'C') into the custom command input. If the application doesn't crash, the fix may be working.

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs
  • Windows Event Logs showing application termination

Network Indicators:

  • Unusual FTP command patterns
  • Large input strings in FTP sessions

SIEM Query:

(EventID=1000 OR EventID=1001) AND ProcessName="ftpnav.exe" AND Version="8.03"
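
The version check and crash-log indicators above can be run directly on a Windows host. The following is an added example, not code from the vendor or from this advisory. It assumes the binary is named ftpnav.exe (the process name used in the SIEM query); the function names, the 7-day window and the 3-crashes-per-hour threshold are illustrative choices.

```powershell
# Added example. Assumption: the binary is ftpnav.exe, the process name
# used in the SIEM query on this page.
$Image = 'ftpnav.exe'

function Get-FtpNavInstall {
    # Inventory copies of the binary under the usual install roots and report
    # the file version, to compare with the affected release (8.03).
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    Get-ChildItem -Path $roots -Filter $Image -Recurse -File -ErrorAction SilentlyContinue |
        Select-Object FullName,
            @{ Name = 'FileVersion'; Expression = { $_.VersionInfo.FileVersion } }
}

function Get-FtpNavCrash {
    param([int]$Days = 7)   # look-back window (arbitrary default)
    # Event ID 1000 = Application Error, 1001 = Windows Error Reporting.
    $filter = @{
        LogName   = 'Application'
        Id        = 1000, 1001
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises an error when nothing matches, hence SilentlyContinue.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match [regex]::Escape($Image) } |
        Select-Object TimeCreated, Id, ProviderName, MachineName,
            @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }
}

Get-FtpNavInstall | Format-Table -AutoSize

$crashes = @(Get-FtpNavCrash -Days 7)
$crashes | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap

# Several crashes within the same hour deserve a closer look than a single one.
$crashes |
    Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd HH') } |
    Where-Object Count -ge 3 |   # threshold is an arbitrary starting point
    Select-Object @{ Name = 'Hour'; Expression = { $_.Name } }, Count |
    Format-Table -AutoSize
```

The file version reported by the binary may not be formatted exactly as "8.03", so compare it against what Help > About shows on a known installation.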
