CVE-2025-4162

7.3 HIGH

📋 TL;DR

A buffer overflow vulnerability in PCMan FTP Server's ASCII command handler allows remote, unauthenticated attackers to execute arbitrary code or crash the service. It affects all versions up to and including 2.0.7. Organizations running vulnerable FTP servers are at risk of complete system compromise.

💻 Affected Systems

Products:
  • PCMan FTP Server
Versions: All versions up to and including 2.0.7
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default ASCII command handler, no special configuration required

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full system compromise, data theft, ransomware deployment, or persistent backdoor installation

🟠 Likely Case: Service crash causing denial of service, with potential for RCE if the exploit is weaponized

🟢 If Mitigated: Denial of service only, provided exploit attempts are blocked by network controls

🌐 Internet-Facing: HIGH - Remote unauthenticated exploitation makes internet-facing servers immediate targets
🏢 Internal Only: MEDIUM - Internal servers still vulnerable but require attacker foothold in network

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code available, making weaponization straightforward for attackers

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

1. Check for updated version from vendor (none available as of analysis)
2. If no patch, implement workarounds or migrate to alternative FTP server

🔧 Temporary Workarounds

Disable ASCII mode (platform: windows)
  • Force binary-only transfers to bypass the vulnerable ASCII handler
  • Configure the FTP server to disable ASCII mode (server-specific configuration)

Network segmentation (platform: all)
  • Isolate the FTP server behind a firewall with strict access controls
  • Firewall rules to restrict FTP access to trusted IPs only

🧯 If You Can't Patch

  • Replace PCMan FTP Server with alternative secure FTP solution
  • Implement application-layer firewall or WAF with buffer overflow protection

🔍 How to Verify

Check if Vulnerable:

Check PCMan FTP Server version in GUI or via 'About' menu. Versions ≤2.0.7 are vulnerable

Check Version:

Check version in PCMan FTP Server interface (no CLI version command)

Verify Fix Applied:

Verify version is >2.0.7 when patch becomes available, or test with exploit PoC in controlled environment

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed ASCII command attempts
  • Unusual ASCII mode requests
  • Server crash/restart events

Network Indicators:

  • Excessive ASCII command traffic to FTP port 21
  • Buffer overflow patterns in FTP traffic

SIEM Query:

source="ftp.log" AND (ascii OR "buffer overflow" OR crash)
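The indicators above can be checked offline against FTP server logs. The following detector is an added example, not code from the advisory or from PCMan; it assumes a constructed log format ("<date> <time> <client-ip> <COMMAND> [argument]" plus "SERVER service crash/restart" events) and an illustrative argument-length threshold, and it flags oversized ASCII/TYPE arguments per source IP alongside crash events.

```python
import re
from collections import Counter

# Constructed log format, an assumption rather than PCMan FTP Server's real format:
#   "<date> <time> <client-ip> <COMMAND> [argument]"
# plus server events such as "<date> <time> SERVER service crash ..."
CMD_RE = re.compile(r"^\S+ \S+ (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<cmd>[A-Z]+)(?: (?P<arg>.*))?$")
EVENT_RE = re.compile(r"^\S+ \S+ SERVER service (?P<event>crash|restart)\b", re.I)

# The ASCII command handler (TYPE A in RFC 959) has no legitimate use for a long
# argument; anything past this length is treated as an overflow probe.
# The threshold is an assumption chosen for illustration.
MAX_ARG_LEN = 64
WATCHED_CMDS = {"ASCII", "TYPE"}

def analyze(lines):
    """Return (findings, per_ip_counts, crash_events) for a list of log lines."""
    findings, per_ip, events = [], Counter(), []
    for raw in lines:
        line = raw.rstrip("\n")
        ev = EVENT_RE.match(line)
        if ev:
            events.append(ev.group("event").lower())
            continue
        m = CMD_RE.match(line)
        if not m:
            continue
        arg = m.group("arg") or ""
        if m.group("cmd") in WATCHED_CMDS and len(arg) > MAX_ARG_LEN:
            findings.append({"ip": m.group("ip"), "cmd": m.group("cmd"), "arg_len": len(arg)})
            per_ip[m.group("ip")] += 1
    return findings, per_ip, events

# Constructed sample log: one normal session, then an oversized ASCII argument
# followed by a service crash (the "likely case" described in the advisory).
SAMPLE_LOG = [
    "2025-05-01 10:00:01 192.0.2.10 USER anonymous",
    "2025-05-01 10:00:02 192.0.2.10 TYPE A",
    "2025-05-01 10:00:03 192.0.2.10 RETR report.txt",
    "2025-05-01 10:05:10 198.51.100.7 USER anonymous",
    "2025-05-01 10:05:11 198.51.100.7 ASCII " + "A" * 2000,
    "2025-05-01 10:05:12 SERVER service crash (exit code 0xC0000005)",
]

if __name__ == "__main__":
    found, by_ip, evs = analyze(SAMPLE_LOG)
    for f in found:
        print(f"oversized {f['cmd']} argument ({f['arg_len']} bytes) from {f['ip']}")
    print("crash/restart events:", evs, "| offenders:", dict(by_ip))
```

A crash event shortly after an oversized argument from the same client is the pairing worth alerting on; a lone oversized argument with no crash still merits a look at that source.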
