CVE-2025-3373

7.3 HIGH

📋 TL;DR

A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execute arbitrary code or crash the service by sending specially crafted SITE CHMOD commands. This affects all systems running the vulnerable FTP server version. The exploit is publicly available and can be launched without authentication.

💻 Affected Systems

Products:
  • PCMan FTP Server
Versions: 2.0.7
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the SITE CHMOD command handler component. All installations of version 2.0.7 are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment

🟠

Likely Case

Service disruption through denial of service, potential remote code execution in default configurations

🟢

If Mitigated

Limited to service disruption if proper network segmentation and exploit prevention controls are in place

🌐 Internet-Facing: HIGH - Remote unauthenticated exploit with public proof-of-concept available
🏢 Internal Only: MEDIUM - Still vulnerable but attack surface reduced by network segmentation

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available at the provided reference URL. The vulnerability requires no authentication and is straightforward to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider migrating to alternative FTP server software or implementing workarounds.

🔧 Temporary Workarounds

Disable SITE CHMOD command (platform: windows)

Configure FTP server to reject or disable SITE CHMOD commands if supported by server configuration

Network filtering (platform: all)

Block FTP traffic at network perimeter or implement IPS rules to detect and block malicious SITE CHMOD commands

🧯 If You Can't Patch

  • Immediately remove PCMan FTP Server 2.0.7 from internet-facing systems
  • Implement strict network segmentation to isolate FTP servers from critical systems

🔍 How to Verify

Check if Vulnerable:

Check FTP server version in application interface or configuration files. Version 2.0.7 is vulnerable.

Check Version:

Check server interface or configuration files for version information

Verify Fix Applied:

Verify server has been upgraded to a non-vulnerable version or removed from service

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed SITE CHMOD commands
  • Unusual SITE CHMOD command patterns with long parameters
  • FTP service crashes

Network Indicators:

  • FTP traffic containing SITE CHMOD commands with unusually long parameters
  • Multiple connection attempts to FTP port 21

SIEM Query:

source="ftp.log" AND (command="SITE" AND parameter="CHMOD") AND length(parameter_value) > 100
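As an added example (not part of this advisory or of PCMan FTP Server), the following Python checker applies the two log indicators above, oversized SITE CHMOD parameters (the query's 100-byte threshold) and repeated SITE CHMOD commands from one client, to constructed sample log lines. The log line layout, the field names and the 3-repeat threshold are assumptions made for the example.

```python
import re
from collections import Counter

# Threshold taken from the advisory's SIEM query: SITE CHMOD parameter longer than 100 bytes.
MAX_PARAM_LEN = 100
# Assumed line layout (constructed for this example, not a real PCMan log format):
#   <ISO timestamp> <client ip> <FTP command line> -> <3-digit reply code>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<cmd>[A-Za-z]+)(?: (?P<args>.*?))? -> (?P<reply>\d{3})$"
)

def parse_line(line):
    """Return a dict for one FTP log line, or None if it does not match the assumed layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["args"] = rec["args"] or ""
    rec["reply"] = int(rec["reply"])
    return rec

def site_chmod_alerts(lines, max_param_len=MAX_PARAM_LEN, repeat_threshold=3):
    """Flag SITE CHMOD commands whose parameter exceeds max_param_len, and clients
    that issue SITE CHMOD at least repeat_threshold times (both advisory indicators)."""
    alerts = []
    per_client = Counter()
    for raw in lines:
        rec = parse_line(raw)
        if rec is None or rec["cmd"].upper() != "SITE":
            continue
        sub, _, value = rec["args"].partition(" ")  # value = everything after "CHMOD"
        if sub.upper() != "CHMOD":
            continue
        per_client[rec["ip"]] += 1
        if len(value) > max_param_len:
            alerts.append({"type": "long_parameter", "ip": rec["ip"],
                           "length": len(value), "reply": rec["reply"]})
    for ip, n in per_client.items():
        if n >= repeat_threshold:
            alerts.append({"type": "repeated_site_chmod", "ip": ip, "count": n})
    return alerts

# Constructed sample: one benign CHMOD, then a client sending oversized CHMOD values
# that the server answers with 421 (service closing), matching the "crash" indicator.
SAMPLE_LOG = [
    "2025-05-01T10:00:01Z 10.0.0.5 USER anonymous -> 331",
    "2025-05-01T10:00:02Z 10.0.0.5 PASS guest -> 230",
    "2025-05-01T10:00:03Z 10.0.0.5 SITE CHMOD 644 readme.txt -> 200",
    "2025-05-01T10:00:09Z 192.0.2.77 SITE CHMOD 777 " + "A" * 2000 + " -> 421",
    "2025-05-01T10:00:10Z 192.0.2.77 SITE CHMOD 777 " + "B" * 500 + " -> 421",
    "2025-05-01T10:00:11Z 192.0.2.77 SITE CHMOD 777 " + "C" * 300 + " -> 421",
]

if __name__ == "__main__":
    for alert in site_chmod_alerts(SAMPLE_LOG):
        print(alert)
```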

🔗 References
