CVE-2025-3727

7.3 HIGH

📋 TL;DR

A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execute arbitrary code or crash the service by sending specially crafted STATUS commands. This affects all systems running the vulnerable FTP server version. Attackers can exploit this without authentication from anywhere on the network.

💻 Affected Systems

Products:
  • PCMan FTP Server
Versions: 2.0.7
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of version 2.0.7 are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠 Likely Case

Service crash causing denial of service, with potential for remote code execution by skilled attackers.

🟢 If Mitigated

Impact limited to service disruption, provided exploit attempts are blocked by network controls or the server is patched.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploitation makes internet-facing instances extremely vulnerable.
🏢 Internal Only: HIGH - Internal attackers or malware could exploit this to move laterally within the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch exists. Consider migrating to a different FTP server or applying the workarounds below.

🔧 Temporary Workarounds

Disable FTP Service (Windows)

Stop and disable the PCMan FTP Server service (run from an elevated command prompt):

sc stop "PCMan FTP Server"
sc config "PCMan FTP Server" start= disabled

Block FTP Port at Firewall (Windows)

Block incoming connections to the FTP control port (default 21) (run from an elevated command prompt):

netsh advfirewall firewall add rule name="Block FTP" dir=in action=block protocol=TCP localport=21

🧯 If You Can't Patch

  • Implement network segmentation to isolate the FTP server from critical systems
  • Deploy intrusion prevention system (IPS) rules to detect and block STATUS command exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check if PCMan FTP Server 2.0.7 is installed and running on port 21

Check Version:

Check the PCMan FTP Server installation directory under Program Files for the version, or review the installed programs list

Verify Fix Applied:

Verify that the service is stopped and disabled, or that it has been replaced with an alternative FTP server

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed STATUS commands
  • FTP service crash logs
  • Unusual network traffic to FTP port

Network Indicators:

  • Excessive STATUS commands to FTP server
  • Malformed FTP packets
  • Traffic patterns matching the public exploit

SIEM Query:

source="ftp.log" AND ((command="STATUS" AND length>1000) OR (event="service_crash" AND service="PCMan FTP"))
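The same detection logic applied to sample log lines, as an added example that is not part of the original advisory. The log line format, the service name string, the 1000-byte length threshold from the query above and the per-client count threshold of 5 are all assumptions; the sample lines are constructed.

```python
import re
from collections import Counter, namedtuple
from typing import Iterable, List, Optional

# Assumed log line format (constructed for this example; the advisory gives none):
#   "<ts> <client_ip> CMD <verb> [argument]"  or  "<ts> <client_ip> CRASH <service>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<ip>\S+) (?P<kind>CMD|CRASH) ?(?P<rest>.*)$")
STATUS_LEN_THRESHOLD = 1000   # mirrors length>1000 in the SIEM query
STATUS_COUNT_THRESHOLD = 5    # "excessive STATUS commands" per client (assumed value)

Alert = namedtuple("Alert", "ts ip reason")

def parse(line: str):
    """Return (ts, ip, kind, rest), or None for lines not in the assumed format."""
    m = LINE_RE.match(line.strip())
    return m.groups() if m else None

def check(parsed) -> Optional[Alert]:
    """Flag an oversized STATUS argument or a PCMan FTP service crash."""
    ts, ip, kind, rest = parsed
    if kind == "CRASH":
        return Alert(ts, ip, "service_crash") if "PCMan FTP" in rest else None
    verb, _, arg = rest.partition(" ")
    if verb.upper() == "STATUS" and len(arg) > STATUS_LEN_THRESHOLD:
        return Alert(ts, ip, f"oversized STATUS argument ({len(arg)} bytes)")
    return None

def scan(lines: Iterable[str]) -> List[Alert]:
    """Per-line checks, then a per-client STATUS count for the flood indicator."""
    alerts, status_seen = [], Counter()
    for parsed in filter(None, map(parse, lines)):   # skip unparseable lines
        alert = check(parsed)
        if alert:
            alerts.append(alert)
        if parsed[2] == "CMD" and parsed[3].split(" ", 1)[0].upper() == "STATUS":
            status_seen[parsed[1]] += 1
    for ip, n in status_seen.items():
        if n >= STATUS_COUNT_THRESHOLD:   # flood alert carries no single timestamp
            alerts.append(Alert("-", ip, f"{n} STATUS commands from one client"))
    return alerts

SAMPLE_LOG = [  # constructed sample lines, not real PCMan FTP Server output
    "2025-04-18T10:00:01Z 10.0.0.5 CMD USER anonymous",
    "2025-04-18T10:00:02Z 10.0.0.5 CMD STATUS",
    "2025-04-18T10:00:03Z 10.0.0.9 CMD STATUS " + "X" * 1500,   # oversized argument
    "2025-04-18T10:00:04Z 10.0.0.9 CRASH PCMan FTP Server",
] + [f"2025-04-18T10:01:{i:02d}Z 10.0.0.7 CMD STATUS" for i in range(6)]  # flood
```

Running scan(SAMPLE_LOG) yields three alerts: the oversized argument, the crash, and the six-command flood from 10.0.0.7.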
