CVE-2025-4158

7.3 HIGH

📋 TL;DR

A high-severity buffer overflow in the PROMPT command handler of PCMan FTP Server lets an unauthenticated remote attacker crash the service or potentially execute arbitrary code by sending an overlong PROMPT argument over the FTP control channel (TCP/21). Versions up to and including 2.0.7 are affected, and no fixed release exists.

💻 Affected Systems

Products:
  • PCMan FTP Server
Versions: Up to and including version 2.0.7
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations up to 2.0.7 are vulnerable regardless of configuration

📦 What is this software?

PCMan FTP Server is a small freeware FTP server for Windows. The last publicly released version is 2.0.7 and the project is unmaintained, which is why there is no vendor advisory or fixed build for this issue.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment

🟠 Likely Case: Service crash causing denial of service, potentially followed by remote code execution

🟢 If Mitigated: Service disruption with limited lateral movement if proper network segmentation exists

🌐 Internet-Facing: HIGH - Remote exploitation without authentication makes internet-facing instances extremely vulnerable
🏢 Internal Only: MEDIUM - Still vulnerable to internal attackers, but reduced exposure compared to internet-facing

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code exists, making exploitation straightforward for attackers

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

No official patch is available and none is expected, since the software is unmaintained. Replace it with a maintained FTP or SFTP server; until then, apply the workarounds below.

🔧 Temporary Workarounds

Network Access Control

Platform: all

Restrict access to the FTP control port (TCP/21) so that only trusted hosts can reach it. Blocking the control channel is sufficient: the PROMPT command travels over it, so an attacker who cannot reach port 21 cannot trigger the overflow. Replace 10.0.0.0/24 below with your trusted subnet.

Windows Firewall on the host itself. The default inbound policy is block, so an allow rule scoped to the trusted subnet is enough; remove any broader allow rule for port 21 or for the server program, and do not add a separate unscoped block rule alongside it, because block rules take precedence over allow rules:

netsh advfirewall firewall add rule name="FTP from trusted subnet only" dir=in action=allow protocol=TCP localport=21 remoteip=10.0.0.0/24

To cut the service off completely instead:

netsh advfirewall firewall add rule name="Block FTP" dir=in action=block protocol=TCP localport=21

Linux gateway or firewall in front of the Windows host (FORWARD chain; order matters, the accept must come before the drop):

iptables -A FORWARD -p tcp --dport 21 -s 10.0.0.0/24 -j ACCEPT
iptables -A FORWARD -p tcp --dport 21 -j DROP

Service Disablement

Platform: Windows

Stop the server and prevent it from starting again. If it was installed as a Windows service:

sc stop "PCMan FTP Server"
sc config "PCMan FTP Server" start= disabled

If sc reports that the service does not exist, the server is running as an ordinary desktop application. Find its process, end it, and remove its autostart entry (Startup folder or Run key), or simply uninstall the program:

tasklist | findstr /i "ftp"

🧯 If You Can't Patch

  • Isolate vulnerable systems in separate network segments with strict firewall rules
  • Implement application whitelisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check the version in the server's About dialog or in the registry. The registry value below may be absent on some installs, and a 32-bit application on 64-bit Windows writes its HKLM\SOFTWARE keys under WOW6432Node, so query both locations and fall back to the executable's file properties (Details tab) if neither exists.

Check Version:

reg query "HKLM\SOFTWARE\PCMan\FTP Server" /v Version
reg query "HKLM\SOFTWARE\WOW6432Node\PCMan\FTP Server" /v Version

Verify Fix Applied:

There is no fixed release, so "fixed" means the software is gone or unreachable. Confirm that no version 2.0.7 or earlier is installed or running (Programs and Features, tasklist), or that TCP/21 on the host cannot be reached from untrusted networks (attempt a connection from an untrusted segment and confirm it is refused or times out).

📡 Detection & Monitoring

Log Indicators:

  • Repeated short-lived connections from one source that send a command and immediately drop (exploit attempts and crash-restart loops)
  • Any PROMPT command in server logs. PROMPT is a client-side ftp command, not an RFC 959 server command, so a PROMPT verb reaching the server, especially with a long argument, is a strong indicator
  • Application crash events for the FTP server process (Event ID 1000 Application Error and 1001 Windows Error Reporting in the Windows Application log)

Network Indicators:

  • Unexpected or excessive connections to TCP/21, particularly from outside the trusted subnet
  • FTP commands with abnormally long arguments (hundreds of bytes or more) or non-standard verbs in network captures

SIEM Query:

(event_id=1000 OR event_id=1001) AND process_name="ftpserver.exe"

Event IDs 1000 and 1001 are written to the Windows Application log when a process crashes. Replace ftpserver.exe with the executable name actually observed for the running server (check with tasklist on the host rather than assuming it), and adjust the field names to your SIEM's schema.
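The indicators above can be checked mechanically. The following is an added example, not code from the advisory, from PCMan, or from any SIEM vendor: it flags non-standard verbs and oversized arguments in FTP control-channel command lines (the shape of a PROMPT overflow attempt) and filters Windows Application-log crash records for the server process. The "src:port > VERB argument" line format, the 255-byte argument threshold, the sample lines and events, and the executable name PCManFTPD2.exe are all assumptions.

```python
"""Detection logic for the log and network indicators above.

Added example; not from the advisory or the PCMan project. Two offline checks
over constructed sample data:
  1. FTP control-channel command lines, e.g. carved from a pcap or written by
     a logging proxy as "src:port > VERB argument". PROMPT is a client-side
     ftp command and not an RFC 959 server command, so a PROMPT verb on the
     wire is suspicious by itself; an oversized argument on any verb is
     flagged as well.
  2. Windows Application-log crash records (Event ID 1000 / 1001) whose
     faulting application is the FTP server executable.

Assumptions (not from the advisory): the line format, the length threshold,
the sample data and the executable name FTP_SERVER_EXE.
"""
import re
from dataclasses import dataclass

# RFC 959 server commands plus widely deployed extensions (RFC 2228, 2389,
# 2428, 3659). A normal client never sends anything outside this set.
STANDARD_VERBS = {
    "USER", "PASS", "ACCT", "CWD", "CDUP", "SMNT", "QUIT", "REIN", "PORT",
    "PASV", "TYPE", "STRU", "MODE", "RETR", "STOR", "STOU", "APPE", "ALLO",
    "REST", "RNFR", "RNTO", "ABOR", "DELE", "RMD", "MKD", "PWD", "LIST",
    "NLST", "SITE", "SYST", "STAT", "HELP", "NOOP",
    "FEAT", "OPTS", "EPRT", "EPSV", "SIZE", "MDTM", "MLST", "MLSD",
    "AUTH", "PBSZ", "PROT",
}
MAX_ARG_LEN = 255                    # assumed threshold; real paths and usernames are far shorter
FTP_SERVER_EXE = "PCManFTPD2.exe"    # assumed; confirm with `tasklist` on the host

_LINE_RE = re.compile(r"^(?P<src>\S+)\s+>\s+(?P<verb>[A-Za-z]+)(?:\s+(?P<arg>.*))?$")


@dataclass
class Finding:
    src: str
    verb: str
    arg_len: int
    reason: str


def flag_ftp_commands(lines, max_arg_len=MAX_ARG_LEN):
    """Return one Finding per suspicious client command line; replies are skipped."""
    findings = []
    for line in lines:
        m = _LINE_RE.match(line.rstrip("\r\n"))
        if not m:
            continue                         # not a "src > VERB" command line
        verb = m.group("verb").upper()
        arg = m.group("arg") or ""
        reasons = []
        if verb not in STANDARD_VERBS:
            reasons.append("non-standard verb")
        if len(arg) > max_arg_len:
            reasons.append("oversized argument")
        if reasons:
            findings.append(Finding(m.group("src"), verb, len(arg), ", ".join(reasons)))
    return findings


def crash_events(records, exe_name=FTP_SERVER_EXE):
    """Keep Application-log records that are crashes (1000/1001) of exe_name."""
    exe = exe_name.lower()
    return [r for r in records
            if r.get("event_id") in (1000, 1001)
            and r.get("faulting_app", "").lower() == exe]


# Constructed sample data: not real captures or real event-log exports.
SAMPLE_CONTROL_LINES = [
    "10.0.0.5:51234 > USER anonymous",
    "10.0.0.5:51234 > PASS guest@example.com",
    "10.0.0.5:51234 > CWD /pub",
    "10.0.0.5:51234 > QUIT",
    "203.0.113.7:40001 > PROMPT " + "A" * 2000,   # shape of a PROMPT overflow attempt
    "10.0.0.9:51300 > RETR " + "x" * 300,         # standard verb, oversized argument
]
SAMPLE_EVENTS = [
    {"event_id": 1000, "faulting_app": "PCManFTPD2.exe", "source": "Application Error"},
    {"event_id": 1001, "faulting_app": "PCManFTPD2.exe", "source": "Windows Error Reporting"},
    {"event_id": 1000, "faulting_app": "notepad.exe", "source": "Application Error"},
    {"event_id": 4624, "faulting_app": "", "source": "Security"},
]

if __name__ == "__main__":
    for f in flag_ftp_commands(SAMPLE_CONTROL_LINES):
        print(f"{f.src}: {f.verb} ({f.arg_len} bytes) - {f.reason}")
    for r in crash_events(SAMPLE_EVENTS):
        print(f"crash of {r['faulting_app']}: event {r['event_id']} ({r['source']})")
```

Run against the constructed data it reports the PROMPT line (non-standard verb with a 2000-byte argument), the oversized RETR, and the two crash records for the server executable while ignoring the notepad crash and the unrelated logon event. Tune MAX_ARG_LEN to the longest legitimate path on your server; the non-standard-verb check needs no tuning.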
