CVE-2025-3375

7.3 HIGH

📋 TL;DR

CVE-2025-3375 is a critical buffer overflow vulnerability in PCMan FTP Server 2.0.7's CDUP command handler that allows remote attackers to execute arbitrary code or crash the service. This affects all systems running the vulnerable FTP server version. Attackers can exploit this without authentication over the network.

💻 Affected Systems

Products:
  • PCMan FTP Server
Versions: 2.0.7
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the FTP server component specifically when handling CDUP commands. No special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Service crash causing denial of service, potentially followed by remote code execution if the exploit is refined.

🟢 If Mitigated: Service disruption with limited impact if proper network segmentation and monitoring are in place.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploit with public proof-of-concept available.
🏢 Internal Only: HIGH - Still critical within internal networks, though slightly reduced exposure.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available at the provided reference URL. The attack requires sending a crafted CDUP command to the FTP port.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

1. Check for an updated version from the vendor.
2. If no patch is available, migrate to alternative FTP server software.
3. Disable or remove PCMan FTP Server 2.0.7.

🔧 Temporary Workarounds

Network Access Control (platform: all)

Block the FTP port (21/tcp) at the firewall, or restrict access to trusted IPs only.

Windows Firewall:
netsh advfirewall firewall add rule name="Block FTP" dir=in action=block protocol=TCP localport=21

Linux iptables:
iptables -A INPUT -p tcp --dport 21 -j DROP

Service Disablement (platform: windows)

Stop and disable the FTP service:

sc stop "PCMan FTP Server" && sc config "PCMan FTP Server" start= disabled

(The product is Windows-only per Affected Systems, so no Linux service equivalent applies.)

🧯 If You Can't Patch

  • Replace PCMan FTP Server with alternative secure FTP solution like FileZilla Server or vsftpd
  • Implement strict network segmentation to isolate FTP server from critical systems

🔍 How to Verify

Check if Vulnerable:

Check if PCMan FTP Server version 2.0.7 is installed and running on port 21

Check Version:

Windows services: sc query "PCMan FTP Server"
Alternatively, check the installed programs list in Control Panel.

Verify Fix Applied:

Verify service is stopped/removed or replaced with different FTP server

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed CDUP commands
  • Unusually long CDUP command parameters
  • Service crash logs

Network Indicators:

  • Unusually long FTP CDUP commands (longer than typical)
  • Traffic to the FTP port from unexpected sources

SIEM Query:

source="ftp.log" AND ((command="CDUP" AND length>100) OR (event="service_crash" AND service="PCMan FTP"))

(The outer parentheses are needed so that the `source` filter applies to both branches; without them, AND binds tighter than OR and the crash-event branch would match events from any source.)
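To turn the log indicators above into something runnable, here is an added example (not part of the advisory or the vendor's tooling) that scans FTP command log lines for CDUP requests carrying an argument. It assumes a simple "timestamp client command [argument]" log layout and constructed sample lines; PCMan's real log format is not documented on this page, so the regex must be adapted to it.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Assumed log layout: "<timestamp> <client-ip> <COMMAND> [argument]".
# The real PCMan log format is not given on this page; adjust LINE_RE to match it.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<cmd>[A-Za-z]{3,4})(?:\s+(?P<arg>.*))?$"
)
LONG_ARG_THRESHOLD = 100  # same threshold the SIEM query above uses

@dataclass
class Finding:
    ts: str
    src: str
    arg_len: int
    reason: str

def scan_ftp_log(text, threshold=LONG_ARG_THRESHOLD):
    """Return one Finding per CDUP line that carries an argument.

    RFC 959 defines CDUP with no parameter, so any argument is anomalous;
    an argument of `threshold` bytes or more matches the overflow pattern
    the advisory describes and is reported as 'long_cdup_argument'.
    """
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["cmd"].upper() != "CDUP":
            continue
        arg = m["arg"] or ""
        if not arg:
            continue  # well-formed CDUP, nothing to report
        reason = "long_cdup_argument" if len(arg) >= threshold else "cdup_with_argument"
        findings.append(Finding(m["ts"], m["src"], len(arg), reason))
    return findings

def repeat_offenders(findings, min_hits=2):
    """Sources with repeated anomalous CDUPs (the 'multiple CDUP commands' indicator)."""
    counts = Counter(f.src for f in findings)
    return {src: n for src, n in counts.items() if n >= min_hits}

# Constructed sample log: one benign session, one source sending oversized CDUPs.
SAMPLE_LOG = "\n".join([
    "2025-04-07T10:01:02Z 10.0.0.5 USER anonymous",
    "2025-04-07T10:01:03Z 10.0.0.5 CDUP",
    "2025-04-07T10:01:04Z 10.0.0.5 CWD pub",
    "2025-04-07T10:02:10Z 198.51.100.23 CDUP " + "A" * 2000,
    "2025-04-07T10:02:11Z 198.51.100.23 CDUP " + "A" * 4000,
    "2025-04-07T10:03:00Z 192.0.2.9 CDUP ..",
])
```

Running `scan_ftp_log(SAMPLE_LOG)` reports the two oversized requests from 198.51.100.23 and the short, still non-conformant one from 192.0.2.9; `repeat_offenders` then singles out the first source.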
