CVE-2025-3377

7.3 HIGH

📋 TL;DR

A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execute arbitrary code or crash the service by sending specially crafted ENC commands. This affects anyone running the vulnerable FTP server version. The exploit is publicly available and can be triggered without authentication.

💻 Affected Systems

Products:
  • PCMan FTP Server
Versions: 2.0.7
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in the ENC command handler component. All installations of version 2.0.7 are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Service crash causing denial of service, with potential for RCE if the exploit is refined.

🟢 If Mitigated: Limited to service disruption if the exploit fails or is blocked by network controls.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploit against internet-exposed FTP servers.
🏢 Internal Only: MEDIUM - Lower exposure but still vulnerable to internal attackers.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code exists and the attack requires minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider migrating to alternative FTP server software.

🔧 Temporary Workarounds

Disable FTP Service (Windows)

Stop and disable the PCMan FTP Server service:

sc stop "PCMan FTP Server"
sc config "PCMan FTP Server" start= disabled

Block ENC Command (all platforms)

Use an FTP-aware (application-layer) filter to drop ENC commands on the control channel; a plain port-based firewall rule cannot distinguish ENC from any other FTP command, so port filtering alone does not implement this workaround.

🧯 If You Can't Patch

  • Isolate vulnerable server in separate network segment with strict access controls
  • Implement application firewall rules to block malicious FTP commands

🔍 How to Verify

Check if Vulnerable:

Check FTP server version in service properties or about dialog. If version is 2.0.7, it is vulnerable.

Check Version:

Check Windows Services for "PCMan FTP Server" properties

Verify Fix Applied:

Verify service is stopped or uninstalled. Check firewall rules blocking FTP port 21.

📡 Detection & Monitoring

Log Indicators:

  • Multiple ENC command failures
  • FTP service crash events
  • Buffer overflow error messages

Network Indicators:

  • Unusual ENC command patterns
  • Excessive data sent in FTP commands
  • Port 21 traffic from suspicious sources

SIEM Query:

source="ftp.log" AND (command="ENC" OR "buffer overflow" OR "access violation")
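The log and network indicators above can be turned into a small scanner. The following is an added example, not part of this advisory and not a PCMan tool: it reads FTP control-channel log lines in a constructed format (timestamp, client IP, command, optional argument), flags ENC commands whose argument exceeds an assumed 256-byte threshold, flags a client that issues ENC repeatedly, and flags crash markers ("buffer overflow", "access violation") in the same stream. The log format, thresholds, sample lines and IP addresses are all constructed for the example.

```python
"""Scan FTP control-channel logs for ENC abuse and crash indicators.

Added example for illustration; the log format, thresholds and sample data
are assumptions, not PCMan FTP Server's real log layout.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Assumed log layout: "<date> <time> <client_ip> <COMMAND> [<argument>]"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?P<cmd>[A-Z]{3,4})(?: (?P<arg>.*))?$"
)

MAX_ARG_LEN = 256        # assumed: any ENC argument longer than this is suspect
ENC_RATE_LIMIT = 5       # assumed: this many ENC commands from one client is suspect
CRASH_MARKERS = ("buffer overflow", "access violation")  # from the advisory's indicators


@dataclass
class Finding:
    line_no: int
    client: str
    reason: str


def scan_ftp_log(lines):
    """Return a list of Findings for the given iterable of log lines."""
    findings = []
    enc_counts = defaultdict(int)
    for line_no, raw in enumerate(lines, start=1):
        line = raw.rstrip("\n")
        lowered = line.lower()
        # Crash/exception lines come from the daemon, not a client, so check them first.
        if any(marker in lowered for marker in CRASH_MARKERS):
            findings.append(Finding(line_no, "-", "service crash indicator"))
            continue
        match = LOG_LINE.match(line)
        if not match:
            continue  # not a command line we understand; ignore
        cmd, arg, client = match["cmd"], match["arg"] or "", match["ip"]
        if cmd != "ENC":
            continue
        enc_counts[client] += 1
        if len(arg) > MAX_ARG_LEN:
            findings.append(Finding(
                line_no, client,
                f"ENC argument of {len(arg)} bytes exceeds {MAX_ARG_LEN}"))
        elif enc_counts[client] == ENC_RATE_LIMIT:
            findings.append(Finding(
                line_no, client,
                f"{ENC_RATE_LIMIT} ENC commands from one client"))
    return findings


# Constructed sample log: benign login, a short ENC, an oversized ENC,
# five ENC commands from one client, then a daemon crash line.
SAMPLE_LOG = [
    "2025-04-07 10:01:02 203.0.113.5 USER anonymous",
    "2025-04-07 10:01:02 203.0.113.5 PASS ********",
    "2025-04-07 10:01:03 203.0.113.5 ENC dGVzdA==",
    "2025-04-07 10:01:04 198.51.100.7 ENC " + "X" * 400,
] + [
    f"2025-04-07 10:01:{5 + i:02d} 192.0.2.9 ENC {'Y' * 40}" for i in range(5)
] + [
    "2025-04-07 10:01:10 ftpd: unhandled exception: access violation in ENC handler",
]


if __name__ == "__main__":
    for f in scan_ftp_log(SAMPLE_LOG):
        print(f"line {f.line_no:>3}  client {f.client:<14}  {f.reason}")
```

The thresholds are deliberately conservative defaults; tune MAX_ARG_LEN to the longest legitimate ENC argument your clients send, and feed the function the real log layout by adjusting LOG_LINE.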
