CVE-2025-4160

7.3 HIGH

📋 TL;DR

A critical buffer overflow vulnerability exists in the LS command handler of PCMan FTP Server. A remote attacker can trigger it over the network without authentication to crash the service or execute arbitrary code. All versions up to and including 2.0.7 are affected.

💻 Affected Systems

Products:
  • PCMan FTP Server
Versions: All versions up to and including 2.0.7
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable; the LS command handler is part of the server's core FTP functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Service crash causing denial of service, with potential for remote code execution by skilled attackers.

🟢 If Mitigated

Limited to denial of service if exploit attempts are blocked or memory protections are enabled.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploitation makes internet-facing instances extremely vulnerable.
🏢 Internal Only: MEDIUM - Internal network exposure still presents risk, though attack surface is reduced.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch exists. Consider migrating to alternative FTP server software.

🔧 Temporary Workarounds

Disable FTP Service

Platform: Windows

Completely disable PCMan FTP Server if not required.

net stop "PCMan FTP Server"
sc config "PCMan FTP Server" start= disabled

Network Segmentation

Platform: Windows

Restrict access to the FTP port (default 21) using firewall rules. Note that the rule below blocks all inbound connections on port 21, not only untrusted ones; if some hosts still need access, scope the block with remoteip= to the untrusted ranges instead.

netsh advfirewall firewall add rule name="Block PCMan FTP" dir=in action=block protocol=TCP localport=21

🧯 If You Can't Patch

  • Replace PCMan FTP Server with an actively maintained alternative such as FileZilla Server or vsftpd.
  • Implement network monitoring and intrusion detection for FTP traffic anomalies.

🔍 How to Verify

Check if Vulnerable:

Check PCMan FTP Server version in GUI or via installed programs list. Versions ≤2.0.7 are vulnerable.

Check Version:

Check Control Panel > Programs and Features for PCMan FTP Server version.

Verify Fix Applied:

Verify service is stopped or uninstalled, or that alternative FTP software is running.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed LS command attempts
  • Unusual buffer overflow errors in FTP logs
  • Service crash events in Windows Event Log

Network Indicators:

  • Excessive or malformed LS commands to FTP port 21
  • Buffer overflow patterns in FTP traffic

SIEM Query (illustrative; field names depend on your log schema):

source="ftp.log" AND (command="LS" OR command="LIST") AND size>1000
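As an added example (not part of the original advisory), the same detection logic as a small Python scanner over FTP log lines: it flags LS/LIST commands whose argument exceeds the 1000-byte threshold used above and counts findings per source address. The log line format and sample lines are constructed, since the page does not show PCMan's actual log format.

```python
import re
from dataclasses import dataclass

# Constructed log format (assumption): "<date> <time> <client_ip> <COMMAND> [argument]"
# Real PCMan FTP Server logs may differ; adapt LOG_RE to the actual format.
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<cmd>[A-Za-z]+)(?: (?P<arg>.*))?$"
)

# Threshold mirrors the advisory's SIEM query (size>1000); a legitimate LS/LIST
# argument is a path or glob, normally far shorter than this.
ARG_LIMIT = 1000
WATCHED = {"LS", "LIST"}


@dataclass
class Finding:
    ts: str
    ip: str
    cmd: str
    arg_len: int


def scan_ftp_log(lines, limit=ARG_LIMIT):
    """Return a Finding for every LS/LIST command whose argument exceeds limit bytes."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.rstrip("\n"))
        if not m:
            continue  # unparseable line: skip it rather than abort the scan
        cmd = m.group("cmd").upper()
        if cmd not in WATCHED:
            continue
        arg_len = len(m.group("arg") or "")
        if arg_len > limit:
            findings.append(Finding(m.group("ts"), m.group("ip"), cmd, arg_len))
    return findings


def per_source_counts(findings):
    """Count oversized LS/LIST commands per client IP, to spot repeated attempts."""
    counts = {}
    for f in findings:
        counts[f.ip] = counts.get(f.ip, 0) + 1
    return counts


# Constructed sample log lines for demonstration only
SAMPLE_LOG = [
    "2025-05-01 10:00:01 10.0.0.5 USER anonymous",
    "2025-05-01 10:00:02 10.0.0.5 LS /pub",
    "2025-05-01 10:00:03 10.0.0.9 LIST " + "A" * 2000,
    "2025-05-01 10:00:04 10.0.0.9 LS " + "B" * 1500,
    "garbage line",
]

if __name__ == "__main__":
    for f in scan_ftp_log(SAMPLE_LOG):
        print(f"{f.ts} {f.ip} {f.cmd} argument length {f.arg_len} exceeds {ARG_LIMIT}")
```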
