CVE-2025-4253

7.3 HIGH

📋 TL;DR

A buffer overflow in the HASH command handler of PCMan FTP Server 2.0.7 lets a remote attacker crash the server and potentially execute arbitrary code by sending an oversized HASH argument. The flaw is rated 7.3 HIGH, public exploit code exists, and the attack needs nothing beyond an FTP connection: the published PoCs for the PCMan 2.0.7 command handlers simply log in as anonymous (accepted by default) and send a single long argument. Anyone running this version is affected.

💻 Affected Systems

Products:
  • PCMan FTP Server
Versions: 2.0.7
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The flaw is in the HASH command handler, which any connected client can reach; no non-default configuration is needed for the server to be exposed.

📦 What is this software?

PCMan FTP Server is a small freeware FTP server for Windows, distributed as a standalone executable. Version 2.0.7 is the release commonly encountered and the one affected here.
⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Service crash causing denial of service, with potential for remote code execution by skilled attackers.

🟢

If Mitigated

If the server is unreachable from untrusted networks, the flaw cannot be triggered at all. If it is reachable but runs under a low-privilege account, a successful exploit is confined to that account rather than the whole host; note that running as a low-privilege user does not turn code execution into a mere crash, it only limits what the attacker gets.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploit against internet-facing FTP servers.
🏢 Internal Only: MEDIUM - Lower exposure but still vulnerable to internal attackers or lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available. The attack consists of opening an FTP connection, logging in (the PoCs use anonymous) and sending one HASH command with an oversized argument; no interaction from a user on the target is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None known

Vendor Advisory: None known

Restart Required: N/A (no patch exists)

Instructions:

No fixed release or vendor advisory is known. Treat PCMan FTP Server 2.0.7 as unmaintained: replace it with a maintained FTP (or preferably SFTP/FTPS) server, or apply the workarounds below until it can be removed.

🔧 Temporary Workarounds

Disable FTP Server

windows

PCMan FTP Server is normally run as a standalone desktop application rather than a Windows service, so first close the application, end its process, and remove any autostart shortcut or Run-key entry that relaunches it. If it was registered as a service on your host (the service name is whatever was chosen when it was registered; "PCMan FTP Server" below is a placeholder), stop and disable that service:

sc stop "PCMan FTP Server"
sc config "PCMan FTP Server" start= disabled

Block FTP Port

windows

Use a host firewall rule to block inbound access to the FTP control port (TCP 21). The rule below blocks all sources, which makes the server unusable for legitimate clients as well; that is acceptable as a stopgap, but remember that a rule restricted to external addresses still leaves the server exposed to anyone on the internal network.

netsh advfirewall firewall add rule name="Block FTP" dir=in action=block protocol=TCP localport=21

🧯 If You Can't Patch

  • Replace PCMan FTP Server with a maintained alternative (FileZilla Server on Windows, vsftpd on Linux), and prefer SFTP or FTPS over plaintext FTP.
  • Segment the network so the FTP host cannot reach critical systems; a compromised FTP server should be a dead end, not a pivot.

🔍 How to Verify

Check if Vulnerable:

Check whether PCMan FTP Server version 2.0.7 is present and running on any Windows system, including hosts where it was unpacked into a user directory rather than installed.

Check Version:

Open Properties > Details on the PCMan FTP Server executable to read the file version, or read the version from the program's own window or its 220 greeting banner. A registry key such as HKEY_LOCAL_MACHINE\SOFTWARE\PCMan FTP Server may exist if the program was installed with an installer, but a portable copy leaves no such key, so do not rely on the registry alone.

Verify Fix Applied:

Verify the service is stopped/disabled or replaced with a non-vulnerable version.
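A network-side inventory check, added here as an example (it is not code from the original page or from PCMan): it grabs the FTP greeting from each host, reports hosts whose banner looks like PCMan FTP Server, and sends only QUIT afterwards, so it never triggers the HASH overflow. The banner pattern is an assumption (a 2.0.x greeting resembling "220 PCMan's FTP Server 2.0 Ready."); confirm it against your own copy and adjust PCMAN_BANNER_RE if it differs. A match means "go check the file version on that host", not proof of 2.0.7.

```python
"""Grab FTP greetings and flag hosts that look like PCMan FTP Server.

Added example, not code from the page or from PCMan. Read-only: it reads the
220 greeting and sends QUIT. It never sends a HASH argument.
"""
import re
import socket
import sys

# Assumption: greeting of the vulnerable 2.0.x builds looks like
# "220 PCMan's FTP Server 2.0 Ready." -- verify against a local copy.
PCMAN_BANNER_RE = re.compile(r"^220[ -].*PCMan'?s? FTP Server", re.IGNORECASE)


def classify_banner(banner: str) -> dict:
    """What can be inferred from the greeting: is it FTP, does it look like PCMan, version string."""
    first = banner.strip().splitlines()[0] if banner.strip() else ""
    result = {"is_ftp": first.startswith("220"), "looks_pcman": False, "version": None}
    if result["is_ftp"] and PCMAN_BANNER_RE.search(first):
        result["looks_pcman"] = True
        m = re.search(r"(\d+(?:\.\d+)+)", first)  # first dotted number, e.g. 2.0
        if m:
            result["version"] = m.group(1)
    return result


def read_greeting(sock: socket.socket, limit: int = 1024) -> str:
    """Read until the greeting is complete: a line starting '220 ' (multi-line '220-' form handled)."""
    buf = b""
    while len(buf) < limit:
        try:
            chunk = sock.recv(256)
        except socket.timeout:
            break  # return whatever arrived; caller decides
        if not chunk:
            break
        buf += chunk
        lines = buf.decode("latin-1", "replace").splitlines()
        if lines and lines[-1].startswith("220 ") and buf.endswith(b"\n"):
            break
    return buf.decode("latin-1", "replace")


def grab_banner(host: str, port: int = 21, timeout: float = 5.0) -> str:
    """Connect, read the greeting, say QUIT, return the raw greeting text."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        banner = read_greeting(s)
        try:
            s.sendall(b"QUIT\r\n")
        except OSError:
            pass
    return banner


def main(argv: list) -> int:
    if len(argv) < 2:
        print(f"usage: {argv[0]} host[:port] ...", file=sys.stderr)
        return 2
    for target in argv[1:]:
        host, _, port = target.partition(":")
        try:
            banner = grab_banner(host, int(port) if port else 21)
        except OSError as exc:
            print(f"{target}\tunreachable\t{exc}")
            continue
        info = classify_banner(banner)
        flag = "PCMAN-CHECK-FILE-VERSION" if info["looks_pcman"] else "other"
        first = banner.strip().splitlines()[0] if banner.strip() else "(no greeting)"
        print(f"{target}\t{flag}\t{info['version'] or '-'}\t{first}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against your own address ranges only, and treat every "PCMAN-CHECK-FILE-VERSION" line as a host to inspect by hand; a banner can be edited, and a server behind a firewall rule will simply show up as unreachable.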

📡 Detection & Monitoring

Log Indicators:

  • HASH commands with abnormally long arguments (hundreds of bytes or more), or arguments made of repeated filler bytes or non-printable data, if the server or a front-end proxy logs commands
  • An anonymous login immediately followed by a single oversized command and a dropped connection, the shape of the public PoCs
  • Application crash events for the PCMan FTP Server process in the Windows Application event log (Event ID 1000, Application Error); the server itself writes no "overflow" message, the process simply dies

Network Indicators:

  • HASH commands with oversized arguments on TCP/21; FTP control traffic is plaintext, so an IDS can match on the command and argument length directly
  • Repeated connections from one source each sending a different long argument, which is what fuzzing against this server looks like

SIEM Query (illustrative; the field names depend on your log source and must be adapted):

source="ftp_server.log" command="HASH" | where len(argument) > 200
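Detection logic over FTP command logs, added here as an example (not code from the original page, and not PCMan's own logging): it parses one-command-per-line records, tracks the user and login state per client address, and raises an alert for any command whose argument is oversized, non-printable, or made of repeated filler, which is the shape of the published HASH PoCs. The log format is an assumption ("<ISO-time> <client-ip> <COMMAND> <argument>"), the sample lines are constructed, and the 200-byte threshold is a judgement call; map your own logs or a decoded packet capture onto parse_line() and tune MAX_ARG_LEN to your clients.

```python
"""Flag overflow-shaped FTP commands in a command log.

Added example, not code from the page or from PCMan. Log format and sample
records are constructed for illustration.
"""
import re
from collections import defaultdict

# Assumption: legitimate HASH arguments (a path or algorithm name) are short;
# anything past this length is a fuzzer or an exploit, not an FTP client.
MAX_ARG_LEN = 200

# Assumed record layout: "<ISO-time> <client-ip> <COMMAND> [argument]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<ip>\S+)\s+(?P<cmd>[A-Za-z]{3,4})(?:[ \t](?P<arg>.*))?$"
)

# Constructed sample log (not captured from a real host): one benign session,
# one fuzz-style probe, and one session shaped like the public PoCs.
SAMPLE_LOG = "\n".join([
    "2025-05-04T10:00:01Z 10.0.0.5 USER alice",
    "2025-05-04T10:00:01Z 10.0.0.5 PASS ********",
    "2025-05-04T10:00:02Z 10.0.0.5 HASH reports/q1.csv",
    "2025-05-04T10:00:03Z 10.0.0.5 QUIT",
    "2025-05-04T10:05:10Z 198.51.100.7 USER anonymous",
    "2025-05-04T10:05:10Z 198.51.100.7 PASS anonymous",
    "2025-05-04T10:05:10Z 198.51.100.7 HASH " + "A" * 40,
    "2025-05-04T10:07:44Z 203.0.113.9 USER anonymous",
    "2025-05-04T10:07:44Z 203.0.113.9 PASS anonymous",
    "2025-05-04T10:07:44Z 203.0.113.9 HASH " + "A" * 3000,
])


def parse_line(line: str):
    """Split one log record into its fields; None for lines that do not match the layout."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["cmd"] = rec["cmd"].upper()
    rec["arg"] = rec["arg"] or ""
    return rec


def is_suspicious(arg: str):
    """Return a reason string if the argument looks like an overflow payload, else None."""
    if len(arg) > MAX_ARG_LEN:
        return "oversized"
    if any(ord(c) < 0x20 or ord(c) > 0x7E for c in arg):
        return "non-printable"  # raw shellcode / SEH addresses are not printable text
    if len(arg) >= 32 and len(set(arg)) <= 2:
        return "repetitive-filler"  # AAAA... style probes below the length threshold
    return None


def scan(lines):
    """Walk the log in order, keeping per-client login state, and return alert dicts."""
    alerts = []
    session = defaultdict(lambda: {"user": None, "authed": False})
    for lineno, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None:
            continue
        ip, cmd, arg = rec["ip"], rec["cmd"], rec["arg"]
        state = session[ip]
        if cmd == "USER":
            state["user"] = arg
        elif cmd == "PASS":
            state["authed"] = True
        elif cmd == "QUIT":
            session.pop(ip, None)
            continue
        reason = is_suspicious(arg)
        if reason:
            alerts.append({
                "line": lineno, "ts": rec["ts"], "ip": ip, "cmd": cmd,
                "arg_len": len(arg), "reason": reason,
                "user": state["user"], "authed": state["authed"],
            })
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG.splitlines()):
        print(f"{a['ts']} {a['ip']} {a['cmd']} len={a['arg_len']} "
              f"reason={a['reason']} user={a['user']} authed={a['authed']}")
```

The check is deliberately not limited to HASH: the same 2.0.7 code base has the same pattern in other command handlers, so alerting on any oversized argument costs nothing extra and catches the neighbouring CVEs too. If the server crashes mid-session there may be no log line for the fatal command at all, which is why the Windows Application Error event for the process is listed above as a separate indicator.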
