CVE-2025-3679

7.3 HIGH

📋 TL;DR

A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execute arbitrary code or crash the service by sending specially crafted HOST commands. This affects anyone running the vulnerable FTP server version. The exploit is publicly available, increasing the risk of attacks.

💻 Affected Systems

Products:
  • PCMan FTP Server
Versions: 2.0.7
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only version 2.0.7 is confirmed; earlier versions may also be affected but unverified. The HOST command handler is the vulnerable component.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Service crash causing denial of service, potentially followed by remote code execution attempts.

🟢 If Mitigated

Limited to denial of service if the exploit fails or controls block execution.

🌐 Internet-Facing: HIGH - FTP servers are typically internet-facing, and the exploit works remotely without authentication.
🏢 Internal Only: MEDIUM - Lower exposure, but still risky if an insider targets the server or an external compromise spreads laterally to it.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available at the provided references, making attacks easy to launch.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

No official patch is available. Consider upgrading to a newer version if released, or apply workarounds.

🔧 Temporary Workarounds

Disable FTP Server

Windows (elevated command prompt)

Stop and disable the PCMan FTP Server service to prevent exploitation. These commands assume the server is registered as a Windows service under that name; if it was started as a desktop application, close the process instead.

sc stop "PCMan FTP Server"
sc config "PCMan FTP Server" start= disabled

Block FTP Traffic via Firewall

Windows (elevated command prompt)

Configure a firewall rule to block inbound FTP traffic. The rule below blocks all inbound TCP port 21; a host firewall cannot inspect individual FTP commands, so filtering HOST commands specifically requires an application-layer proxy or IDS in front of the server.

netsh advfirewall firewall add rule name="Block FTP" dir=in action=block protocol=TCP localport=21

🧯 If You Can't Patch

  • Replace PCMan FTP Server with a secure alternative like FileZilla Server or vsftpd.
  • Isolate the FTP server in a segmented network with strict access controls.

🔍 How to Verify

Check if Vulnerable:

Check if PCMan FTP Server version 2.0.7 is installed via Programs and Features or by examining the executable properties.

Check Version:

wmic product where name="PCMan FTP Server" get version

Note that wmic product only lists MSI-installed software (and wmic is deprecated on recent Windows builds); if the server was unpacked as a standalone executable, check the file's version property instead.

Verify Fix Applied:

Verify the server is no longer running or has been upgraded to a non-vulnerable version.

📡 Detection & Monitoring

Log Indicators:

  • FTP server crash logs
  • Unusual HOST command usage in FTP logs
  • Error messages related to buffer overflow

Network Indicators:

  • Excessive or malformed HOST commands sent to FTP port 21
  • Traffic patterns matching known exploit signatures

SIEM Query:

source="ftp.log" AND ((command="HOST" AND length>threshold) OR event="crash")

The parentheses matter: without them, AND binds tighter than OR and the query matches every crash event from any source, not just FTP crashes. Replace threshold with a length above any legitimate hostname seen in your environment.
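The log indicators above, applied to sample FTP log lines. This is an added example, not code from the advisory or from PCMan: the log line layout, the client addresses and the two thresholds are constructed assumptions, not PCMan's real log format.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample log in an assumed "<timestamp> <client> <command> <argument>" layout.
# The third line carries an oversized HOST argument; the last line records a crash.
SAMPLE_LOG = (
    "2025-04-16T10:00:01 10.0.0.5 USER anonymous\n"
    "2025-04-16T10:00:02 10.0.0.5 HOST ftp.example.com\n"
    "2025-04-16T10:00:03 10.0.0.9 HOST " + "A" * 3000 + "\n"
    "2025-04-16T10:00:04 10.0.0.9 QUIT\n"
    "2025-04-16T10:00:05 - CRASH server process terminated unexpectedly\n"
)

HOST_ARG_THRESHOLD = 255   # assumed: legitimate HOST arguments are hostnames, far shorter than this
HOST_RATE_THRESHOLD = 5    # assumed: more HOST commands than this from one client is suspicious

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<cmd>[A-Z]+)\s*(?P<arg>.*)$")


@dataclass
class Finding:
    ts: str
    client: str
    kind: str     # "oversized_host", "excessive_host" or "crash"
    detail: str


def scan_ftp_log(text, arg_threshold=HOST_ARG_THRESHOLD, rate_threshold=HOST_RATE_THRESHOLD):
    """Return findings for oversized HOST arguments, excessive HOST use per client, and crashes."""
    findings = []
    host_counts = Counter()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # skip lines that do not fit the assumed layout
        ts, client, cmd, arg = m["ts"], m["client"], m["cmd"], m["arg"]
        if cmd == "HOST":
            host_counts[client] += 1
            if len(arg) > arg_threshold:  # grouped condition: HOST *and* over-length, as in the SIEM query
                findings.append(Finding(ts, client, "oversized_host",
                                        f"HOST argument length {len(arg)} exceeds {arg_threshold}"))
        elif cmd == "CRASH":
            findings.append(Finding(ts, client, "crash", arg))
    for client, n in host_counts.items():
        if n > rate_threshold:
            findings.append(Finding("-", client, "excessive_host", f"{n} HOST commands from one client"))
    return findings


if __name__ == "__main__":
    for f in scan_ftp_log(SAMPLE_LOG):
        print(f"{f.ts} {f.client} {f.kind}: {f.detail}")
```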

🔗 References
