CVE-2025-11947
📋 TL;DR
A heap-based buffer overflow vulnerability exists in bftpd's configuration file handler when processing group expansions. This allows local attackers to potentially execute arbitrary code or crash the service. Only bftpd installations up to version 6.2 are affected.
💻 Affected Systems
- bftpd
⚠️ Manual Verification Required
The NVD record for this CVE carries no affected-version range (no CPE configuration was supplied by the vendor or NVD), so scanners that key on CPE data cannot decide whether a given install is affected. The disclosure text itself names bftpd up to version 6.2 as affected, so check the installed version by hand:
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Arbitrary code execution with the privileges of the bftpd process. bftpd is normally started as root (it binds port 21 and switches to the logged-in user's uid only after authentication), so in that deployment the worst case is root-level compromise of the host; if the daemon is run under an unprivileged account, the impact is confined to that account.
Likely Case
Service crash (denial of service) due to memory corruption, disrupting FTP services.
If Mitigated
Limited impact with proper access controls and process isolation, potentially just service restart.
🎯 Exploit Status
Exploit details are publicly available but attacks are described as highly complex and difficult to execute.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 6.3 or later (the vendor did not respond to the disclosure, so confirm on the project's own download page that a release containing the fix actually exists before relying on this number)
Vendor Advisory: Not provided by vendor (vendor did not respond to disclosure)
Restart Required: Yes
Instructions:
1. Download the latest bftpd version from the official source.
2. Stop the bftpd service.
3. Install the updated version.
4. Restart the bftpd service.
🔧 Temporary Workarounds
Restrict configuration file access
Limit write access to the bftpd configuration file so that unprivileged local users cannot modify it:
chmod 640 /etc/bftpd.conf
chown root:root /etc/bftpd.conf
Disable group expansion
If group-based configuration is not needed, remove or comment out the group sections and any directive that takes a group name in bftpd.conf. Note that expand_groups is the name of the affected code path, not a configuration directive, so there is no single keyword to search for:
# Comment out 'group' sections and group-name directives in bftpd.conf
🧯 If You Can't Patch
- Implement strict access controls to prevent local users from modifying bftpd configuration files
- Run bftpd in a container or chroot jail to limit potential damage from exploitation
🔍 How to Verify
Check if Vulnerable:
Check the bftpd version with 'bftpd -v' or examine the installed package version.
Check Version:
bftpd -v
Verify Fix Applied:
Verify the version is 6.3 or higher, for example 'bftpd -v | grep -q "6\.[3-9]\|7\.[0-9]"'. That regex only matches 6.3 through 6.9 and 7.x; it misses 6.10 and later minor releases and any major version above 7, so a version-aware comparison (sort -V) is more reliable.
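The version check below is an added example, not code from this page or from the bftpd project. It compares whatever 'bftpd -v' prints against the first fixed release using version-order sorting, so 6.10 and 8.0 are classified correctly where the grep regex above fails. It assumes the page's claim that 6.3 is the first fixed version; FIXED_VERSION is the only thing to change if the vendor publishes a different number.

```shell
#!/bin/sh
# Added example (not from the page or the bftpd project): compare an
# installed bftpd version against the first fixed release.
# Assumption: 6.3 is the first fixed version, as the page states.
FIXED_VERSION="6.3"

# version_lt A B -> status 0 when A sorts strictly before B in version
# order; sort -V handles 6.10 > 6.9 and 10.0 > 9.x, unlike a plain regex.
version_lt() {
    [ "$1" != "$2" ] && \
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# extract_version "bftpd 6.2" -> 6.2 ; pulls the first dotted number out of
# the banner that 'bftpd -v' prints (format assumed, adjust if yours differs).
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+)+' | head -n1
}

# bftpd_is_vulnerable VERSION -> prints a verdict; status 0 when the
# version is below FIXED_VERSION, 1 when it is fixed.
bftpd_is_vulnerable() {
    if version_lt "$1" "$FIXED_VERSION"; then
        echo "bftpd $1: vulnerable (below $FIXED_VERSION)"
        return 0
    fi
    echo "bftpd $1: fixed ($FIXED_VERSION or later)"
    return 1
}

# Stand-alone run: query the installed binary if present, then walk a few
# constructed version strings so the classification is visible offline.
if command -v bftpd >/dev/null 2>&1; then
    v=$(extract_version "$(bftpd -v 2>&1)")
    if [ -n "$v" ]; then bftpd_is_vulnerable "$v" || true; fi
fi
for v in 6.2 6.3 6.10 7.0; do
    bftpd_is_vulnerable "$v" || true
done
```

Run it on the FTP host as any user that can execute the bftpd binary; the verdict lines for the constructed versions show that 6.2 is flagged and 6.3, 6.10 and 7.0 are not.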
📡 Detection & Monitoring
Log Indicators:
- A crashing bftpd does not log its own fault; look for the kernel's "bftpd[PID]: segfault at ..." line (kern.log / dmesg) and, on systemd hosts, "bftpd.service: Main process exited, code=dumped, status=11/SEGV" in the journal
- Unexpected process termination or repeated service restarts for bftpd
Network Indicators:
- Sudden FTP service unavailability
- Connection resets on FTP port
SIEM Query:
(source="kern.log" OR source="journal" OR source="bftpd.log") AND "bftpd" AND ("segfault" OR "SIGSEGV" OR "status=11/SEGV" OR "segmentation fault" OR "core dumped")
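The following is an added example, not code from this page or the bftpd project, showing the SIEM query above run as a plain grep over host logs. The sample log lines are constructed for this example (PIDs, addresses and timestamps are invented); real kernel and systemd messages have the same shape. Note the vsftpd line: filtering on the daemon name is what keeps an unrelated crash out of the count.

```shell
#!/bin/sh
# Added example (not from the page or the bftpd project): scan a log file
# for bftpd crash indicators, mirroring the SIEM query in the text.

# Indicators covering where a bftpd crash actually appears:
#  - kernel log:      "bftpd[PID]: segfault at ..."
#  - systemd journal: "code=dumped, status=11/SEGV" for the service unit
#  - generic text:    "Segmentation fault", "SIGSEGV", "core dumped"
CRASH_RE='bftpd\[[0-9]+\]: segfault|status=11/SEGV|[Ss]egmentation fault|SIGSEGV|core dumped'

# crash_lines FILE -> prints lines that mention bftpd and a crash indicator
crash_lines() {
    grep -E "$CRASH_RE" "$1" | grep -i 'bftpd'
}

# crash_count FILE -> number of such lines (0 when nothing matches)
crash_count() {
    crash_lines "$1" | wc -l | tr -d ' '
}

# write_sample_log FILE -> writes a constructed log (labelled as such):
# two benign lines, one crash in an unrelated daemon, three bftpd hits.
write_sample_log() {
    cat >"$1" <<'EOF'
Oct 20 10:01:02 ftp1 bftpd[2310]: Client connected from 10.0.0.5
Oct 20 10:01:05 ftp1 kernel: bftpd[2310]: segfault at 0 ip 00005581f0a1c2b4 sp 00007ffd2c3e1f30 error 4 in bftpd[5581f0a00000+21000]
Oct 20 10:01:05 ftp1 systemd[1]: bftpd.service: Main process exited, code=dumped, status=11/SEGV
Oct 20 10:01:06 ftp1 sshd[2401]: Accepted publickey for ops from 10.0.0.9
Oct 20 10:01:07 ftp1 vsftpd[2500]: Segmentation fault in an unrelated daemon
Oct 20 10:01:09 ftp1 bftpd[2399]: Segmentation fault (core dumped)
EOF
}

# Stand-alone run against the constructed sample; point crash_lines at
# /var/log/kern.log or 'journalctl -u bftpd' output on a real host.
SAMPLE_LOG=$(mktemp)
write_sample_log "$SAMPLE_LOG"
crash_lines "$SAMPLE_LOG"
echo "bftpd crash indicators: $(crash_count "$SAMPLE_LOG")"
rm -f "$SAMPLE_LOG"
```

On a live host, feed the same functions the kernel log and the unit's journal output; a non-zero count on a host that has not been rebooted or redeployed is worth an incident ticket, since a crash in the configuration parser is exactly what this CVE produces when exploitation fails.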