CVE-2025-3723

Severity score: 7.3 (HIGH)

📋 TL;DR

A critical buffer overflow in the MDTM command handler of PCMan FTP Server 2.0.7 lets a remote attacker execute arbitrary code or crash the service. Every system running this version of the FTP server is affected, and the flaw can be triggered from remote networks without authentication.

💻 Affected Systems

Products:
  • PCMan FTP Server
Versions: 2.0.7
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of version 2.0.7 are vulnerable regardless of configuration

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment

🟠 Likely Case: Service disruption through denial of service, with potential for remote code execution by skilled attackers

🟢 If Mitigated: Limited to service disruption if proper network segmentation and exploit prevention controls are in place

🌐 Internet-Facing: HIGH - FTP servers are typically internet-facing and exploit requires no authentication
🏢 Internal Only: MEDIUM - Lower risk if properly segmented, but still vulnerable to internal threats

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available, making exploitation straightforward for attackers

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a different FTP server solution or implementing workarounds.

🔧 Temporary Workarounds

Disable FTP Service (Windows)

Stop and disable the PCMan FTP Server service:

sc stop "PCMan FTP Server"
sc config "PCMan FTP Server" start= disabled

Network Segmentation (Windows)

Block TCP port 21 at the network perimeter; on the host itself, the following Windows Firewall rule blocks inbound FTP connections:

netsh advfirewall firewall add rule name="Block FTP" dir=in action=block protocol=TCP localport=21

🧯 If You Can't Patch

  • Replace PCMan FTP Server with a maintained alternative like FileZilla Server or vsftpd
  • Implement strict network access controls to limit FTP server exposure to trusted IPs only

🔍 How to Verify

Check if Vulnerable:

Check if PCMan FTP Server version 2.0.7 is installed via Programs and Features or by examining the service properties

Check Version:

wmic product where "name like 'PCMan%'" get version

Verify Fix Applied:

Verify service is stopped/disabled or that FTP port 21 is blocked

📡 Detection & Monitoring

Log Indicators:

  • Multiple MDTM command failures
  • FTP service crash events
  • Unusual buffer overflow errors in application logs

Network Indicators:

  • Excessive MDTM commands to FTP server
  • Malformed FTP commands with long parameters

SIEM Query (illustrative pseudo-syntax; adapt the field names to your platform):

source="ftp.log" AND command="MDTM" AND (length(param) > 100 OR status="500")
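As an added example that is not part of this advisory, the log and network indicators above (oversized MDTM parameters, MDTM replies with code 500, and bursts of MDTM commands from one client) applied to constructed FTP log lines in Python. The log line format, field order and the burst threshold are assumptions; real servers log differently.

```python
import re
from collections import Counter

# Constructed sample log lines in an assumed format:
# "<timestamp> <client-ip> <command> <argument> <reply-code>".
# They are illustrative only, not captured from a real server.
SAMPLE_LOG = (
    "2025-04-18T10:01:02Z 203.0.113.5 USER anonymous 331\n"
    "2025-04-18T10:01:03Z 203.0.113.5 PASS guest 230\n"
    "2025-04-18T10:01:04Z 203.0.113.5 MDTM report.txt 213\n"
    "2025-04-18T10:01:05Z 203.0.113.5 MDTM missing.txt 550\n"
    "2025-04-18T10:01:06Z 198.51.100.7 MDTM " + "A" * 2000 + " 500\n"
)

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<ip>\S+)\s+(?P<cmd>[A-Z]{3,4})\s*(?P<arg>.*?)\s+(?P<code>\d{3})$"
)

MAX_PARAM_LEN = 100   # mirrors the advisory's "length(param) > 100"
BURST_THRESHOLD = 20  # assumed: MDTM commands from one client before flagging a burst

def parse_line(line):
    """Split one log line into its fields; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": m["ts"], "ip": m["ip"], "cmd": m["cmd"],
            "arg": m["arg"], "code": int(m["code"])}

def classify(entry):
    """Return a reason string if an entry matches the MDTM indicators, else None."""
    if entry is None or entry["cmd"] != "MDTM":
        return None
    if len(entry["arg"]) > MAX_PARAM_LEN:
        return "oversized MDTM parameter (%d bytes)" % len(entry["arg"])
    if entry["code"] == 500:
        return "MDTM rejected with 500 (syntax error)"
    return None

def scan(log_text):
    """Return per-line alerts plus clients whose MDTM count exceeds the burst threshold."""
    alerts, mdtm_per_ip = [], Counter()
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry and entry["cmd"] == "MDTM":
            mdtm_per_ip[entry["ip"]] += 1
        reason = classify(entry)
        if reason:
            alerts.append((entry["ts"], entry["ip"], reason))
    bursts = {ip: n for ip, n in mdtm_per_ip.items() if n > BURST_THRESHOLD}
    return alerts, bursts
```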
