CVE-2025-3683

7.3 HIGH

📋 TL;DR

A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execute arbitrary code by sending specially crafted SIZE commands. This affects all systems running the vulnerable FTP server version, potentially leading to complete system compromise. The vulnerability is remotely exploitable without authentication.

💻 Affected Systems

Products:
  • PCMan FTP Server
Versions: 2.0.7
Operating Systems: Windows (primary), potentially others where server is installed
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of version 2.0.7 are vulnerable regardless of configuration. The SIZE command handler is affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to full system compromise, data theft, ransomware deployment, or creation of persistent backdoors.

🟠 Likely Case

Remote code execution allowing attackers to gain control of the FTP server process, potentially escalating to system-level access.

🟢 If Mitigated

If the exploit fails or is blocked, the likely outcome is a crash of the FTP server (denial of service); the system remains vulnerable to more sophisticated attempts until it is patched or the service is removed.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and affects an internet-facing service.
🏢 Internal Only: MEDIUM - Still significant risk if exploited internally, but attack surface is reduced compared to internet exposure.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available, making exploitation straightforward for attackers. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found in provided references

Restart Required: Yes

Instructions:

1. Check for an updated version from the vendor.
2. If no patch is available, consider alternative FTP server software.
3. Apply workarounds immediately.

🔧 Temporary Workarounds

Network Segmentation and Blocking

Platform: all

Block the SIZE command at the network perimeter (this requires an FTP-aware proxy or IPS), or block the FTP control port / disable the FTP service entirely. The rule below takes the simpler route and drops all inbound FTP control connections.

# On a Linux gateway or host firewall in front of the server: drop inbound FTP control connections (21/tcp)
iptables -A INPUT -p tcp --dport 21 -j DROP

Service Disablement

Platform: windows

Stop and disable PCMan FTP Server service

sc stop "PCMan FTP Server"
sc config "PCMan FTP Server" start= disabled

🧯 If You Can't Patch

  • Immediately isolate affected systems from internet and critical networks
  • Implement strict network monitoring for SIZE command anomalies and buffer overflow attempts

🔍 How to Verify

Check if Vulnerable:

Check PCMan FTP Server version in interface or installation directory. Version 2.0.7 is vulnerable.

Check Version:

# Check Windows service version or examine program files directory:
# 1. Find the service's executable path (BINARY_PATH_NAME in the output)
sc qc "PCMan FTP Server"
# 2. In PowerShell, read that executable's file version (replace the placeholder with the path from step 1)
(Get-Item "<path from BINARY_PATH_NAME>").VersionInfo.FileVersion

Verify Fix Applied:

Verify version is no longer 2.0.7 or service is disabled/blocked

📡 Detection & Monitoring

Log Indicators:

  • Multiple SIZE command failures
  • Unusual SIZE command parameters
  • Buffer overflow error messages in FTP logs

Network Indicators:

  • SIZE commands with unusually long parameters
  • Traffic patterns suggesting buffer overflow attempts

SIEM Query:

source="ftp_logs" AND command="SIZE" AND (parameter_length>100 OR contains(error, "buffer"))
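As an added example (not part of this advisory), a small Python checker that applies the same heuristic as the query above to FTP log lines: it flags SIZE commands whose argument is longer than 100 characters or contains non-printable bytes. The log line format and the sample lines are constructed for illustration, since PCMan's actual log layout is not given here.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Constructed log format for this example (not PCMan's real log layout):
#   <date> <time> <client-ip> <command> [<argument>]
LOG_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<ip>\S+) (?P<cmd>[A-Z]{3,4})(?: (?P<arg>.*))?$")

# Threshold mirrors the advisory's SIEM query (parameter_length > 100); a
# legitimate path argument to SIZE is rarely anywhere near that long.
MAX_ARG_LEN = 100


@dataclass
class Hit:
    ts: str
    ip: str
    arg_len: int
    reason: str


def inspect_size_commands(lines: Iterable[str], max_len: int = MAX_ARG_LEN) -> List[Hit]:
    """Return one Hit per SIZE command whose argument looks like an overflow attempt."""
    hits: List[Hit] = []
    for line in lines:
        m = LOG_RE.match(line.rstrip("\n"))
        if not m or m.group("cmd") != "SIZE":
            continue  # not a SIZE command (or not a parseable line)
        arg = m.group("arg") or ""
        if len(arg) > max_len:
            hits.append(Hit(m.group("ts"), m.group("ip"), len(arg), "oversized argument"))
        elif any(ord(c) < 0x20 or ord(c) > 0x7E for c in arg):
            hits.append(Hit(m.group("ts"), m.group("ip"), len(arg), "non-printable bytes in argument"))
    return hits


# Constructed sample: two benign SIZE requests and one oversized argument.
SAMPLE_LOG = [
    "2025-04-17 09:12:01 10.0.0.5 USER anonymous",
    "2025-04-17 09:12:02 10.0.0.5 SIZE report.pdf",
    "2025-04-17 09:12:05 10.0.0.9 SIZE " + "A" * 2000,
    "2025-04-17 09:12:06 10.0.0.9 SIZE backup.zip",
]

if __name__ == "__main__":
    for h in inspect_size_commands(SAMPLE_LOG):
        print(f"{h.ts} {h.ip} SIZE arg_len={h.arg_len}: {h.reason}")
```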

🔗 References
