CVE-2025-4255

7.3 HIGH

📋 TL;DR

A buffer overflow in PCMan FTP Server 2.0.7 (rated 7.3 HIGH, not critical) lets an unauthenticated remote attacker crash the service or execute arbitrary code by sending an overlong argument to the RMD (remove directory) command. Every installation of version 2.0.7 is affected regardless of configuration, and exploitation needs nothing more than network access to the FTP control port (TCP 21 by default).

💻 Affected Systems

Products:
  • PCMan FTP Server
Versions: 2.0.7
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of version 2.0.7 are vulnerable regardless of configuration.

📦 What is this software?

PCMan FTP Server is a small freeware FTP server for Windows. It is not actively maintained, which is why no vendor advisory or fixed version is listed below.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the account running the FTP server, leading to full system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Service crash (denial of service) from an unreliable or deliberately destructive exploit; a reliable exploit escalates this to remote code execution.

🟢 If Mitigated

At worst a service crash, but no code execution, if exploit attempts are blocked or the server is contained by the workarounds below.

🌐 Internet-Facing: HIGH - Remote exploitation without authentication makes internet-facing instances extremely vulnerable.
🏢 Internal Only: MEDIUM - Internal attackers could exploit, but network segmentation reduces exposure.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code exists, making weaponization straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

1. Check the official PCMan FTP Server website for an updated release
2. If no patch exists, migrate to an actively maintained FTP server
3. Apply the workarounds below immediately in the meantime

🔧 Temporary Workarounds

Block RMD commands at a firewall in front of the server

linux

Crude stopgap: drop control-channel packets that carry an RMD command. PCMan FTP Server runs on Windows, so this rule belongs on a Linux gateway or bridge in front of it, in the FORWARD chain with the server's address as destination (replace <server-ip>); use the INPUT chain only if the firewall host itself runs the target. --icase is needed because FTP verbs are case-insensitive, so "rmd" would otherwise pass.

iptables -A FORWARD -d <server-ip> -p tcp --dport 21 -m string --string "RMD " --algo bm --icase -j DROP

Caveats: this blocks every legitimate directory removal and any other command whose argument happens to contain "RMD "; packets are silently dropped, so clients hang instead of receiving an error; and a client that splits the command across TCP segments evades a per-packet string match. Treat it as a short-term measure until the server is isolated or replaced.

Disable the FTP service

windows

Stop the server until a fix or replacement is in place. Confirm the real service name first (sc query lists installed services; the name below is a placeholder). If PCMan FTP Server runs as an interactive desktop program rather than a Windows service, close it and remove it from any startup entry or scheduled task instead.

sc stop "PCMan FTP Server"
sc config "PCMan FTP Server" start= disabled

🧯 If You Can't Patch

  • Isolate the FTP server in a dedicated network segment, allow TCP 21 (and the data ports) only from the clients that need it, and block it from the internet entirely
  • Put an FTP-aware proxy or application-layer filter in front of the server that rejects RMD commands with arguments longer than any legitimate directory name (a generic HTTP WAF does not understand FTP)
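The following is an added example of the application-layer filter described above; it is not code from the advisory or from the PCMan project. It is a minimal control-channel proxy: clients connect to it, it relays every command line to the real server, but an RMD (or its RFC 775 alias XRMD, assumed here to hit the same handler) whose argument exceeds MAX_ARG bytes is answered with a 501 by the proxy and never forwarded. Any command line longer than MAX_LINE without a CRLF is also cut off before it reaches the server. The listen and upstream addresses, both limits, and the assumption that the proxy runs on the server host (so the address in the server's PASV replies stays valid and data connections need no proxying) are all assumptions for this example.

```python
"""FTP control-channel filter in front of a vulnerable PCMan FTP Server (added example)."""
import asyncio

LISTEN_HOST, LISTEN_PORT = "0.0.0.0", 21          # assumed: clients connect to the proxy here
UPSTREAM_HOST, UPSTREAM_PORT = "127.0.0.1", 2121  # assumed: real server re-bound to 2121 on this host
MAX_ARG = 255        # assumed: longer than any legitimate Windows directory name
MAX_LINE = 1024      # assumed: a command line beyond this length is never relayed
FILTERED_VERBS = {b"RMD", b"XRMD"}   # XRMD is the RFC 775 alias; assumed to reach the same handler


def check_control_line(line: bytes):
    """Decide whether one client command line may reach the server.

    Returns (forward, reply): forward=True relays the line unchanged;
    otherwise reply is what the proxy sends back to the client instead.
    """
    verb, _, arg = line.rstrip(b"\r\n").partition(b" ")
    if verb.upper() in FILTERED_VERBS and len(arg) > MAX_ARG:
        return False, b"501 Directory name too long.\r\n"
    return True, b""


async def relay_client(cli_reader, cli_writer, up_writer):
    """Client -> server direction: line-based and filtered."""
    try:
        while True:
            try:
                line = await cli_reader.readline()
            except ValueError:
                # Line exceeded MAX_LINE without a CRLF: an overlong command that the
                # server never sees. Tell the client and hang up.
                cli_writer.write(b"500 Command line too long.\r\n")
                await cli_writer.drain()
                return
            if not line:          # client closed the connection
                return
            forward, reply = check_control_line(line)
            if forward:
                up_writer.write(line)
                await up_writer.drain()
            else:
                cli_writer.write(reply)
                await cli_writer.drain()
    finally:
        up_writer.close()


async def relay_server(up_reader, cli_writer):
    """Server -> client direction: opaque bytes, nothing to filter."""
    try:
        while data := await up_reader.read(4096):
            cli_writer.write(data)
            await cli_writer.drain()
    finally:
        cli_writer.close()


async def handle_client(cli_reader, cli_writer):
    try:
        up_reader, up_writer = await asyncio.open_connection(UPSTREAM_HOST, UPSTREAM_PORT)
    except OSError:
        cli_writer.write(b"421 Service not available.\r\n")
        await cli_writer.drain()
        cli_writer.close()
        return
    await asyncio.gather(
        relay_client(cli_reader, cli_writer, up_writer),
        relay_server(up_reader, cli_writer),
        return_exceptions=True,
    )


async def main():
    # limit= sets the StreamReader line limit, so readline() raises ValueError
    # on an overlong command instead of buffering it.
    server = await asyncio.start_server(handle_client, LISTEN_HOST, LISTEN_PORT, limit=MAX_LINE)
    async with server:
        await server.serve_forever()


if __name__ == "__main__":
    asyncio.run(main())
```

Run it on the server host after moving the real server off port 21; only the control channel passes through it, so PASV/PORT data transfers are unaffected. Because the filter is line-based it is not evaded by splitting a command across TCP segments, which is the main weakness of the packet-level iptables rule above.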

🔍 How to Verify

Check if Vulnerable:

Any installation of PCMan FTP Server 2.0.7 is vulnerable; no configuration setting removes the RMD handler.

Check Version:

Read the version from the application's main window or About dialog, or from the file properties of the executable in the installation directory. The server's 220 greeting banner may also name the product and version, but treat that as a hint and confirm against the file properties.

Verify Fix Applied:

Confirm the running version is no longer 2.0.7 (or that the product has been removed). If you re-test with the public PoC, do it only in an isolated lab copy, never against production: a successful test crashes the service.

📡 Detection & Monitoring

Log Indicators:

  • Repeated RMD commands from one client in quick succession, especially right after login
  • RMD arguments far longer than any real directory name, or made of repeated bytes or non-printable characters
  • Unexpected termination of the FTP server process, or Windows Application-log crash events for it

Network Indicators:

  • RMD commands on TCP 21 with arguments of hundreds of bytes or more
  • A single oversized RMD followed immediately by the server closing the connection (the crash signature)

SIEM Query:

Illustrative pseudo-syntax; adapt it to your SIEM's query language, match the verb case-insensitively, and tune the length threshold to the longest legitimate path seen in your environment (100 is a safe starting point):

source="ftp.log" AND command="RMD" AND len(argument) > 100
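The detection logic behind those indicators, as an added example that is not part of the advisory or any vendor tooling. It scans FTP control-channel log lines (assumed format: ISO 8601 timestamp, client address, verb, argument; adapt parse_line() to whatever your server or sensor writes) and raises an alert for each of the three log indicators: an oversized RMD argument, an RMD argument that looks like overflow filler rather than a path, and a burst of RMD commands from one client. The sample log lines, the thresholds, and the client addresses are all constructed for the example.

```python
"""Detection of RMD overflow indicators in FTP command logs (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

MAX_ARG_LEN = 100                                     # assumed threshold; tune to the longest real path
FILLER_RUN = 32                                       # assumed: this many identical bytes in a row is not a path
BURST_COUNT, BURST_WINDOW = 5, timedelta(seconds=30)  # assumed burst definition


def parse_line(line):
    """Split 'ISO8601 client VERB [argument]' into (ts, client, VERB, argument); None if malformed."""
    parts = line.rstrip("\r\n").split(" ", 3)
    if len(parts) < 3:
        return None
    ts = datetime.fromisoformat(parts[0].replace("Z", "+00:00"))
    client, verb = parts[1], parts[2].upper()   # FTP verbs are case-insensitive
    arg = parts[3] if len(parts) == 4 else ""
    return ts, client, verb, arg


def looks_like_filler(arg):
    """True if the argument contains non-printable characters or a long run of one
    character, both typical of overflow padding and never of a directory name."""
    if any(ord(c) < 0x20 or ord(c) > 0x7E for c in arg):
        return True
    run, prev = 0, None
    for c in arg:
        run = run + 1 if c == prev else 1
        prev = c
        if run >= FILLER_RUN:
            return True
    return False


def scan(lines):
    """Return a list of (client, reason, argument_length) alerts."""
    alerts = []
    recent = defaultdict(list)   # client -> timestamps of its RMD commands inside the window
    for line in lines:
        parsed = parse_line(line)
        if not parsed:
            continue
        ts, client, verb, arg = parsed
        if verb != "RMD":
            continue
        if len(arg) > MAX_ARG_LEN:
            alerts.append((client, "oversized RMD argument", len(arg)))
        elif looks_like_filler(arg):
            alerts.append((client, "RMD argument looks like overflow filler", len(arg)))
        window = [t for t in recent[client] if ts - t <= BURST_WINDOW] + [ts]
        recent[client] = window
        if len(window) == BURST_COUNT:      # fire once, when the burst threshold is first reached
            alerts.append((client, "RMD burst", len(arg)))
    return alerts


# Constructed sample log: a benign removal, one overflow attempt, and one burst.
SAMPLE_LOG = [
    "2025-05-04T10:01:02Z 192.0.2.10 USER anonymous",
    "2025-05-04T10:01:03Z 192.0.2.10 PASS guest@example.com",
    "2025-05-04T10:01:05Z 192.0.2.10 RMD old_backups",
    "2025-05-04T10:02:00Z 198.51.100.7 USER anonymous",
    "2025-05-04T10:02:01Z 198.51.100.7 rmd " + "A" * 2000,
] + [f"2025-05-04T10:03:{s:02d}Z 203.0.113.9 RMD dir{s}" for s in range(0, 25, 5)]

if __name__ == "__main__":
    for client, reason, length in scan(SAMPLE_LOG):
        print(f"ALERT {client}: {reason} (argument length {length})")
```

The filler check matters because an attacker can stay under a pure length threshold while still sending padding; conversely, the length check catches arguments built from varied bytes. Raise BURST_COUNT if your users script bulk directory clean-ups.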

🔗 References
