CVE-2025-3678

7.3 HIGH

📋 TL;DR

A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execute arbitrary code by sending specially crafted HELP commands. This affects all systems running the vulnerable FTP server version. Attackers can exploit this without authentication to potentially take full control of affected systems.

💻 Affected Systems

Products:
  • PCMan FTP Server
Versions: 2.0.7
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is in the HELP command handler component and affects the default installation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, ransomware deployment, or creation of persistent backdoors.

🟠 Likely Case

Remote code execution allowing attackers to install malware, exfiltrate data, or use the system as a foothold for lateral movement.

🟢 If Mitigated

Denial of service if the exploit fails or crashes the service without achieving code execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or replacing with alternative FTP server software.

🔧 Temporary Workarounds

Disable FTP Service

Platform: Windows

Stop and disable the PCMan FTP Server service to prevent exploitation. If the server was launched as a standalone program rather than installed as a Windows service, the commands below will report that the service does not exist; close the program and remove it from any startup entries instead.

sc stop "PCMan FTP Server"
sc config "PCMan FTP Server" start= disabled

Network Segmentation

Platform: Windows

Restrict network access to the FTP server using firewall rules. The rule below blocks all inbound connections to TCP port 21 on every profile; to permit specific trusted clients only, scope an allow rule to their addresses with the remoteip= parameter instead of adding a blanket block, since block rules take precedence over allow rules in Windows Firewall.

netsh advfirewall firewall add rule name="Block PCMan FTP" dir=in action=block protocol=TCP localport=21

🧯 If You Can't Patch

  • Replace PCMan FTP Server with a maintained alternative like FileZilla Server or vsftpd
  • Implement strict network segmentation and firewall rules to limit access to the FTP server

🔍 How to Verify

Check if Vulnerable:

Check if PCMan FTP Server version 2.0.7 is installed and running on port 21.

Check Version:

Check the application's About dialog or installation directory for version information.

Verify Fix Applied:

Verify the service is stopped/disabled or that a different FTP server is running.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HELP command patterns
  • Service crashes or restarts
  • Buffer overflow error messages

Network Indicators:

  • Excessive or malformed HELP commands to FTP port 21
  • Unusual traffic patterns to FTP server

SIEM Query:

source="ftp.log" AND ((command="HELP" AND size>100) OR message="buffer overflow" OR message="access violation")
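The log and network indicators above, as an added example that is not part of the advisory and not code from PCMan: a small Python scanner over constructed FTP log lines that flags HELP commands whose argument exceeds 100 bytes (the size threshold the SIEM query uses) and clients that issue an unusual number of HELP commands. The one-command-per-line log layout, the client addresses, and the per-client threshold of 5 are assumptions; adapt parse_line() to the real log format of the server in use.

```python
"""Scan FTP server log lines for the HELP-command indicators listed above.

Added example, not part of the advisory. It assumes a constructed log layout of
"<date> <time> <client-ip> <raw FTP command line>", one command per line.
"""
import re
from collections import Counter
from typing import Dict, Iterable, List, NamedTuple, Optional

# Assumed log layout (constructed for this example).
LOG_RE = re.compile(
    r'^(?P<ts>\S+ \S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<cmd>.*)$'
)

# A HELP argument longer than 100 bytes mirrors the size>100 clause of the SIEM
# query; a well-formed HELP carries at most a short command name as argument.
MAX_HELP_ARG = 100
# Per-client HELP count that we treat as "excessive" (assumed threshold).
MAX_HELP_PER_CLIENT = 5


class Event(NamedTuple):
    ts: str
    ip: str
    verb: str
    arg_len: int


def parse_line(line: str) -> Optional[Event]:
    """Turn one raw log line into an Event, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    parts = m.group('cmd').split(' ', 1)
    verb = parts[0].upper()
    arg = parts[1] if len(parts) > 1 else ''
    return Event(m.group('ts'), m.group('ip'), verb, len(arg))


def oversized_help(events: Iterable[Event]) -> List[Event]:
    """HELP commands whose argument is longer than MAX_HELP_ARG bytes."""
    return [e for e in events if e.verb == 'HELP' and e.arg_len > MAX_HELP_ARG]


def excessive_help_clients(events: Iterable[Event]) -> Dict[str, int]:
    """Clients that issued more than MAX_HELP_PER_CLIENT HELP commands."""
    counts = Counter(e.ip for e in events if e.verb == 'HELP')
    return {ip: n for ip, n in counts.items() if n > MAX_HELP_PER_CLIENT}


def scan(lines: Iterable[str]) -> dict:
    """Run both indicator checks over raw log lines; unparseable lines are skipped."""
    events = [e for e in (parse_line(raw) for raw in lines) if e is not None]
    return {
        'oversized_help': oversized_help(events),
        'noisy_clients': excessive_help_clients(events),
    }


# Constructed sample log: one normal session, one oversized HELP from
# 203.0.113.7, and six short HELPs in a row from 203.0.113.9.
SAMPLE_LOG = [
    "2025-04-15 10:00:01 198.51.100.4 USER anonymous",
    "2025-04-15 10:00:02 198.51.100.4 PASS guest@example.org",
    "2025-04-15 10:00:03 198.51.100.4 HELP",
    "2025-04-15 10:00:04 198.51.100.4 HELP SITE",
    "2025-04-15 10:00:05 198.51.100.4 LIST",
    "2025-04-15 10:01:10 203.0.113.7 HELP " + "A" * 300,
] + [f"2025-04-15 10:02:{i:02d} 203.0.113.9 HELP" for i in range(6)]


if __name__ == '__main__':
    result = scan(SAMPLE_LOG)
    for e in result['oversized_help']:
        print(f"oversized HELP ({e.arg_len} bytes) from {e.ip} at {e.ts}")
    for ip, n in result['noisy_clients'].items():
        print(f"{n} HELP commands from {ip}")
```

The two checks are kept separate because they point at different stages: an oversized argument is the attempt itself, while a burst of short HELP commands from one client typically precedes it (banner checks, protocol probing) and is worth alerting on even when no overflow attempt has appeared yet.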
