CVE-2025-3372

7.3 HIGH

📋 TL;DR

A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execute arbitrary code by sending specially crafted MKDIR commands. This affects all systems running the vulnerable FTP server version, potentially leading to complete system compromise. The exploit is publicly available and can be launched remotely without authentication.

💻 Affected Systems

Products:
  • PCMan FTP Server
Versions: 2.0.7
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the MKDIR command handler component. All installations of version 2.0.7 are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full system compromise, data theft, ransomware deployment, or creation of persistent backdoors.

🟠 Likely Case: Remote code execution resulting in system takeover, service disruption, and lateral movement within the network.

🟢 If Mitigated: Denial of service or application crash if the exploit fails, but code execution remains possible with proper exploitation.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploit against internet-facing FTP servers makes this extremely dangerous.
🏢 Internal Only: HIGH - Even internally, this provides attackers with a foothold for lateral movement and privilege escalation.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available and requires minimal technical skill to execute. No authentication is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available. Consider migrating to alternative FTP server software or implementing workarounds.

🔧 Temporary Workarounds

  • Disable MKDIR Command (Windows): Configure the FTP server to reject all MKDIR commands if they are not required for functionality. Note: the configuration method depends on the FTP server's settings interface.

  • Network Segmentation (all platforms): Isolate the FTP server in a separate network segment with strict firewall rules, and configure the firewall to restrict FTP access to trusted IPs only.

🧯 If You Can't Patch

  • Immediately disable or uninstall PCMan FTP Server 2.0.7
  • Replace with alternative FTP server software like FileZilla Server, vsftpd, or ProFTPD

🔍 How to Verify

Check if Vulnerable:

Check FTP server version in application interface or About dialog. Version 2.0.7 is vulnerable.

Check Version:

Check application properties or About menu in PCMan FTP Server GUI

Verify Fix Applied:

Verify PCMan FTP Server is no longer installed or has been replaced with alternative software.

📡 Detection & Monitoring

Log Indicators:

  • Unusual MKDIR commands with long parameters
  • Multiple failed MKDIR attempts
  • FTP server crash logs

Network Indicators:

  • FTP traffic containing unusually long MKDIR commands
  • Multiple connection attempts to FTP port 21

SIEM Query:

source="ftp.log" AND command="MKDIR" AND (length(param) > 100 OR contains(param, "\x90"))
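The SIEM query above is pseudo-syntax; the following is an added example (not from this page or the PCMan project) that applies the same two rules, a parameter longer than 100 characters or a 0x90 NOP byte, to plain-text FTP log lines. The log format ("timestamp client command argument") and the sample lines are constructed assumptions; note that RFC 959 spells the command verb MKD, while the page's query uses MKDIR, so both are accepted.

```python
import re
from dataclasses import dataclass

# Constructed sample log (not from the page). Assumed line format:
# "<timestamp> <client-ip> <command> [argument]".
SAMPLE_LOG = """\
2025-04-01T10:00:01Z 192.0.2.10 USER anonymous
2025-04-01T10:00:02Z 192.0.2.10 MKD reports
2025-04-01T10:00:03Z 192.0.2.10 MKD """ + "A" * 600 + """
2025-04-01T10:00:04Z 192.0.2.11 MKDIR \\x90\\x90\\x90\\x90tmp
2025-04-01T10:00:05Z 192.0.2.12 LIST
"""

MAX_PARAM_LEN = 100               # threshold used by the page's SIEM query
NOP_MARKERS = ("\x90", "\\x90")   # raw NOP byte, or its escaped form in text logs

# RFC 959 spells the verb MKD; the page's query uses MKDIR, so accept both.
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(MKD|MKDIR)(?:\s+(.*))?$")


@dataclass
class Finding:
    lineno: int
    client: str
    reason: str
    param_len: int


def check_line(lineno: int, line: str):
    """Return a Finding if this log line is a suspicious MKD/MKDIR, else None."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None            # not a directory-creation command
    _ts, client, _verb, param = m.groups()
    param = param or ""
    if len(param) > MAX_PARAM_LEN:
        return Finding(lineno, client, "oversized MKD parameter", len(param))
    if any(marker in param for marker in NOP_MARKERS):
        return Finding(lineno, client, "NOP byte (0x90) in MKD parameter", len(param))
    return None


def scan_log(text: str) -> list:
    """Apply check_line to every line of a log and collect the findings."""
    return [f for n, line in enumerate(text.splitlines(), start=1)
            if (f := check_line(n, line)) is not None]


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f.lineno}: {f.client} -> {f.reason} (len={f.param_len})")
```

Tune MAX_PARAM_LEN to the longest legitimate directory name in your environment; the page's 100-character threshold is a starting point, not a measured baseline.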
