CVE-2025-3379

7.3 HIGH

📋 TL;DR

A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execute arbitrary code or crash the service by sending specially crafted EPSV commands. This affects all systems running the vulnerable FTP server version. The vulnerability is remotely exploitable without authentication.

💻 Affected Systems

Products:
  • PCMan FTP Server
Versions: 2.0.7
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects PCMan FTP Server 2.0.7; other versions may be unaffected. The EPSV command handler is the vulnerable component.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Service crash causing denial of service, potentially followed by remote code execution if the exploit is weaponized.

🟢

If Mitigated

Service disruption but no system compromise if proper network segmentation and exploit prevention controls are active.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploit with public proof-of-concept available.
🏢 Internal Only: MEDIUM - Still exploitable from internal networks but requires attacker foothold.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available, making weaponization likely. The vulnerability requires no authentication and has low exploitation complexity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider migrating to alternative FTP server software or implementing workarounds.

🔧 Temporary Workarounds

Disable EPSV command (platform: Windows)

Configure the FTP server to reject EPSV commands, if its configuration supports this.

Network filtering (platform: all)

Block EPSV commands at the network perimeter using IPS/IDS or firewall rules.

🧯 If You Can't Patch

  • Isolate FTP server in segmented network with strict access controls
  • Implement application whitelisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check whether PCMan FTP Server version 2.0.7 is installed and running. Use netstat to check whether an FTP service is listening on port 21.

Check Version:

Check the Program Files directory for PCMan FTP Server and examine the version in the file properties or the About dialog.

Verify Fix Applied:

Verify that the FTP server version is no longer 2.0.7, or that the service has been disabled or removed.

📡 Detection & Monitoring

Log Indicators:

  • Multiple EPSV command attempts
  • FTP service crash logs
  • Unusual process creation from FTP service

Network Indicators:

  • EPSV commands with unusually long parameters
  • Traffic patterns matching known exploit

SIEM Query:

source="ftp.log" AND (command="EPSV" OR "buffer overflow")
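As an added example, not part of this advisory or of PCMan FTP Server, the following Python script scans FTP command-log lines for the indicators listed above: EPSV arguments that are oversized or outside the forms RFC 2428 defines (none, "ALL", or a protocol number), and repeated EPSV attempts from one source. The log line format, the sample lines and the thresholds are assumptions.

```python
import re
from collections import Counter

# Constructed sample log lines (assumed format: "<date> <time> <client-ip> <command> [argument]").
LONG_ARG = "A" * 64
SAMPLE_LOG = [
    "2025-04-07 10:01:02 192.0.2.10 USER anonymous",
    "2025-04-07 10:01:03 192.0.2.10 EPSV",
    "2025-04-07 10:01:04 192.0.2.10 EPSV ALL",
    f"2025-04-07 10:02:10 198.51.100.7 EPSV {LONG_ARG}",
    f"2025-04-07 10:02:11 198.51.100.7 EPSV {LONG_ARG}",
    f"2025-04-07 10:02:12 198.51.100.7 EPSV {LONG_ARG}",
    "2025-04-07 10:03:00 203.0.113.5 EPSV 2",
]

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<src>\S+) (?P<cmd>\S+)(?: (?P<arg>.*))?$")

# RFC 2428: EPSV takes no argument, "ALL", or a network protocol number (1 = IPv4, 2 = IPv6).
BENIGN_EPSV_ARGS = {"", "ALL", "1", "2"}
MAX_ARG_LEN = 16       # assumed threshold; every legitimate EPSV argument is far shorter
REPEAT_THRESHOLD = 3   # assumed: flag a source that sends this many EPSV commands

def parse_line(line):
    """Split one log line into its fields; returns None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["arg"] = rec["arg"] or ""
    return rec

def classify_epsv_arg(arg):
    """Return a finding label for an EPSV argument, or None if it looks benign."""
    arg = arg.strip()
    if len(arg) > MAX_ARG_LEN:
        return "oversized_epsv_arg"
    if arg.upper() not in BENIGN_EPSV_ARGS:
        return "unexpected_epsv_arg"
    return None

def scan_lines(lines):
    """Return (source, label, detail) findings for suspicious and repeated EPSV commands."""
    findings, epsv_per_src = [], Counter()
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["cmd"].upper() != "EPSV":
            continue
        epsv_per_src[rec["src"]] += 1
        label = classify_epsv_arg(rec["arg"])
        if label:
            findings.append((rec["src"], label, len(rec["arg"])))
    for src, n in epsv_per_src.items():
        if n >= REPEAT_THRESHOLD:
            findings.append((src, "repeated_epsv", n))
    return findings

if __name__ == "__main__":
    for finding in scan_lines(SAMPLE_LOG):
        print(finding)
```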
