CVE-2025-4079

7.3 HIGH

📋 TL;DR

A critical buffer overflow vulnerability exists in PCMan FTP Server's RENAME command handler, allowing remote attackers to execute arbitrary code or crash the service. This affects PCMan FTP Server versions up to 2.0.7. Attackers can exploit this without authentication over the network.

💻 Affected Systems

Products:
  • PCMan FTP Server
Versions: Up to and including 2.0.7
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations up to version 2.0.7 are vulnerable by default when the FTP service is enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Service crash causing denial of service, potentially followed by remote code execution.

🟢 If Mitigated

Limited to denial of service if exploit fails or controls prevent code execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available, making attacks straightforward for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch exists. Consider migrating to different FTP server software or implementing workarounds.

🔧 Temporary Workarounds

Disable FTP Service

Platform: Windows

Stop and disable the PCMan FTP Server service if not required.

sc stop PCManFTPServer
sc config PCManFTPServer start= disabled

Network Segmentation

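Platform: Windows

Restrict FTP server access to trusted networks using firewall rules. As written, the rule below blocks inbound TCP port 21 from every remote address, trusted networks included.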

netsh advfirewall firewall add rule name="Block FTP" dir=in action=block protocol=TCP localport=21 remoteip=any

🧯 If You Can't Patch

  • Replace PCMan FTP Server with a maintained alternative like FileZilla Server or vsftpd.
  • Implement network-based intrusion prevention systems (IPS) to detect and block buffer overflow attempts.

🔍 How to Verify

Check if Vulnerable:

Check the PCMan FTP Server version in the Help > About menu, or examine the installed program version.

Check Version:

Not available via command line; check GUI or installed programs list.

Verify Fix Applied:

Verify service is stopped/disabled or replaced with alternative software.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed RENAME commands
  • FTP service crash logs
  • Unusual RENAME command patterns with long arguments

Network Indicators:

  • FTP traffic with abnormally long RENAME commands
  • Multiple connection attempts to FTP port 21

SIEM Query:

source="ftp.log" AND command="RENAME" AND (length(arguments) > 100 OR contains(arguments, ".."))
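
The log indicators and SIEM query above, as an added example (not part of the original advisory or of PCMan's tooling): a Python scan over FTP command-log lines that applies the same conditions. The log layout, the sample lines and the repeat threshold of 3 are assumptions constructed for illustration; the 100-character limit and the ".." test come from the query.

```python
import re
from collections import Counter

# Assumed log layout (constructed for this example, not PCMan's real format):
#   <ISO timestamp> <client-ip> <COMMAND> <arguments...>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<ip>\S+)\s+(?P<cmd>[A-Za-z]+)(?:\s(?P<args>.*))?$"
)
MAX_ARG_LEN = 100      # threshold taken from the page's SIEM query
REPEAT_THRESHOLD = 3   # assumed: RENAME count per client treated as "multiple"

def scan(lines):
    """Return (alerts, noisy_clients) for an iterable of log lines."""
    alerts = []
    per_client = Counter()
    for n, raw in enumerate(lines, 1):
        m = LINE_RE.match(raw.rstrip("\r\n"))
        if not m or m["cmd"].upper() != "RENAME":
            continue  # unparsable line or a different command
        args = m["args"] or ""
        per_client[m["ip"]] += 1
        reasons = []
        if len(args) > MAX_ARG_LEN:
            reasons.append(f"argument length {len(args)} > {MAX_ARG_LEN}")
        if ".." in args:
            reasons.append("argument contains '..'")
        if reasons:
            alerts.append({"line": n, "ip": m["ip"], "reasons": reasons})
    # Clients issuing RENAME repeatedly, whether or not each one alerted
    noisy = sorted(ip for ip, c in per_client.items() if c >= REPEAT_THRESHOLD)
    return alerts, noisy

# Constructed sample log; addresses are from documentation ranges (RFC 5737).
SAMPLE_LOG = [
    "2025-05-01T10:00:01Z 192.0.2.10 USER anonymous",
    "2025-05-01T10:00:02Z 192.0.2.10 RENAME report.txt",
    "2025-05-01T10:02:11Z 198.51.100.7 RENAME " + "A" * 300,
    "2025-05-01T10:02:12Z 198.51.100.7 rename ../../boot.ini",
    "2025-05-01T10:02:13Z 198.51.100.7 RENAME x",
    "malformed line without fields",
]

if __name__ == "__main__":
    alerts, noisy = scan(SAMPLE_LOG)
    for a in alerts:
        print(f"line {a['line']} from {a['ip']}: {'; '.join(a['reasons'])}")
    print("clients with repeated RENAME:", noisy)
```

Adjust LINE_RE to the actual log format in use before relying on the results; a line that does not parse is skipped silently rather than alerted on.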
