CVE-2025-3349 – A critical buffer overflow vulnerability in PCM... (How to Fix)

Q: What is the severity of CVE-2025-3349?

CVE-2025-3349 has a CVSS score of 7.3 (HIGH). A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execute arbitrary code by sending a specially crafted SYST command. This affects all systems running the vulnerable FTP server version. Attackers can exploit this without authentication to potentially gain full control of affected systems.

📋 TL;DR

A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execute arbitrary code by sending a specially crafted SYST command. This affects all systems running the vulnerable FTP server version. Attackers can exploit this without authentication to potentially gain full control of affected systems.

💻 Affected Systems

Products:

PCMan FTP Server

Versions: 2.0.7

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: All installations of version 2.0.7 are vulnerable regardless of configuration. The SYST command is a standard FTP command that cannot be disabled.

📦 What is this software?

Ftp Server by Pcman

View all CVEs affecting Ftp Server →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, ransomware deployment, or creation of persistent backdoors.

🟠

Likely Case

Remote code execution resulting in system compromise, service disruption, and potential lateral movement within the network.

🟢

If Mitigated

Denial of service or service crash if exploit fails, but successful exploitation still likely leads to code execution.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and public exploit code exists.

🏢 Internal Only: MEDIUM - Still significant risk if internal attackers exist, but requires network access to the FTP server.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code is available, making exploitation trivial for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch exists. Consider migrating to alternative FTP server software or implementing workarounds.

🔧 Temporary Workarounds

Network Segmentation

windows

Block external access to FTP server using firewall rules

netsh advfirewall firewall add rule name="Block FTP" dir=in action=block protocol=TCP localport=21

Disable FTP Service

windows

Stop and disable the FTP server service

sc stop "PCMan FTP Server"
sc config "PCMan FTP Server" start= disabled

🧯 If You Can't Patch

Replace PCMan FTP Server with alternative secure FTP software like FileZilla Server or vsftpd
Implement strict network access controls to limit FTP server access to trusted IP addresses only

🔍 How to Verify

Check if Vulnerable:

Check if PCMan FTP Server version 2.0.7 is installed and running on port 21/TCP

Check Version:

Check program files directory for PCMan FTP Server installation and version information

Verify Fix Applied:

Verify FTP server is no longer running or has been replaced with alternative software

📡 Detection & Monitoring

Log Indicators:

Multiple failed SYST command attempts
Unusual buffer overflow errors in FTP logs
SYST commands with abnormally long parameters

Network Indicators:

Exploit traffic patterns to FTP port 21
SYST commands with payload data exceeding normal length

SIEM Query:

source="ftp.log" AND (command="SYST" AND length>50) OR (message="buffer overflow" OR message="access violation")

📊 Metadata

CVE ID: CVE-2025-3349

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-119

EPSS Score: 0.48% exploit probability (64.5th percentile)

Published: April 7, 2025

Last Updated: May 16, 2025

🔗 References

https://fitoxs.com/exploit/exploit.txt Exploit
https://vuldb.com/?ctiid.303563 Permissions Required,VDB Entry
https://vuldb.com/?id.303563 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.552039 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-3349, you might also want to check these: