CVE-2025-3762 – CVE-2025-3762 is a critical buffer overflow vul... (How to Fix)

Q: What is the severity of CVE-2025-3762?

CVE-2025-3762 has a CVSS score of 7.3 (HIGH). CVE-2025-3762 is a critical buffer overflow vulnerability in PCMan FTP Server 2.0.7's MPUT command handler that allows remote attackers to execute arbitrary code or crash the service. The vulnerability affects all systems running the vulnerable FTP server version. Attackers can exploit this without authentication over the network.

📋 TL;DR

CVE-2025-3762 is a critical buffer overflow vulnerability in PCMan FTP Server 2.0.7's MPUT command handler that allows remote attackers to execute arbitrary code or crash the service. The vulnerability affects all systems running the vulnerable FTP server version. Attackers can exploit this without authentication over the network.

💻 Affected Systems

Products:

PCMan FTP Server

Versions: 2.0.7

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: The MPUT command handler is a core FTP functionality, so all standard configurations are vulnerable.

📦 What is this software?

Ftp Server by Pcman

View all CVEs affecting Ftp Server →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Service disruption through denial of service, with potential for remote code execution by skilled attackers.

🟢

If Mitigated

Limited to service disruption if proper network segmentation and exploit prevention controls are in place.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and a public exploit exists.

🏢 Internal Only: MEDIUM - Still significant risk for lateral movement within networks if exploited.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code is available, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider migrating to alternative FTP server software or implementing workarounds.

🔧 Temporary Workarounds

Disable MPUT Command

windows

Configure FTP server to reject or disable MPUT commands if possible

Check server configuration documentation for command filtering options

Network Access Control

windows

Restrict FTP server access to trusted IP addresses only

Use Windows Firewall: netsh advfirewall firewall add rule name="Restrict FTP" dir=in action=allow protocol=TCP localport=21 remoteip=192.168.1.0/24

🧯 If You Can't Patch

Isolate the FTP server in a dedicated network segment with strict egress filtering
Implement application-level firewall or WAF rules to block suspicious MPUT command patterns

🔍 How to Verify

Check if Vulnerable:

Check PCMan FTP Server version in the application interface or About dialog. Version 2.0.7 is vulnerable.

Check Version:

Check application interface or registry: HKEY_LOCAL_MACHINE\SOFTWARE\PCMan\FTP Server\Version

Verify Fix Applied:

Verify server is no longer running version 2.0.7 or has been replaced with alternative software.

📡 Detection & Monitoring

Log Indicators:

Multiple failed MPUT commands
Unusually large MPUT command parameters
Server crash/restart events

Network Indicators:

Excessive data in FTP MPUT commands
Patterns matching known exploit payloads in FTP traffic

SIEM Query:

source="ftp_server.log" AND (command="MPUT" AND (data_length>1000 OR contains(pattern="\x90\x90\x90")))

📊 Metadata

CVE ID: CVE-2025-3762

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-119

EPSS Score: 0.48% exploit probability (64.5th percentile)

Published: April 17, 2025

Last Updated: May 12, 2025

🔗 References

https://fitoxs.com/exploit/exploit-8d31b9e55c1c3d8f2cbf62e3e218f50b.txt Exploit
https://vuldb.com/?ctiid.305396 Permissions Required,VDB Entry
https://vuldb.com/?id.305396 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.553567 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-3762, you might also want to check these: