CVE-2025-4790

7.3 HIGH

📋 TL;DR

CVE-2025-4790 is a critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's GLOB command handler that allows remote attackers to execute arbitrary code or crash the service. This affects all users running FreeFloat FTP Server 1.0 with the vulnerable component enabled. The vulnerability is remotely exploitable without authentication.

💻 Affected Systems

Products:
  • FreeFloat FTP Server
Versions: 1.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The GLOB command handler appears to be enabled by default in FreeFloat FTP Server 1.0

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment

🟠 Likely Case: Service disruption through denial of service, potential remote code execution in default configurations

🟢 If Mitigated: Limited to service disruption if proper network segmentation and exploit prevention controls are in place

🌐 Internet-Facing: HIGH - Remote exploitation without authentication makes internet-facing instances extremely vulnerable
🏢 Internal Only: MEDIUM - Still vulnerable to internal attackers, but reduced attack surface compared to internet exposure

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available, making exploitation straightforward for attackers with basic skills

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch available. Consider migrating to a maintained FTP server solution or implementing workarounds.

🔧 Temporary Workarounds

Disable GLOB command (platform: windows)

Disable the vulnerable GLOB command handler in FreeFloat FTP Server configuration

Edit FreeFloat FTP Server configuration file to remove or disable GLOB command support

Network segmentation (platform: all)

Restrict FTP server access to trusted networks only

Configure firewall rules to allow FTP access only from required IP ranges

🧯 If You Can't Patch

  • Replace FreeFloat FTP Server with a maintained alternative like FileZilla Server, vsftpd, or ProFTPD
  • Implement strict network access controls and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check if FreeFloat FTP Server version 1.0 is installed and running

Check Version:

Check FreeFloat FTP Server interface or installation directory for version information

Verify Fix Applied:

Verify FreeFloat FTP Server has been removed or replaced with a secure alternative

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed GLOB command attempts
  • Unusual GLOB command patterns with long parameters
  • FTP server crash logs

Network Indicators:

  • Excessive GLOB command usage from single source
  • FTP traffic patterns matching known exploit signatures

SIEM Query:

source="ftp_logs" AND ((command="GLOB" AND parameter_length>1000) OR (event="crash" AND process="FreeFloat FTP"))
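The log and network indicators above can be checked outside a SIEM as well. The following added example (not part of this advisory or of FreeFloat FTP Server) applies the same three rules to constructed sample log lines: an oversized GLOB parameter, a crash event, and excessive GLOB usage from a single source. The log line format and the rate threshold are assumptions, since the page does not document FreeFloat's real log layout.

```python
import re
from collections import Counter

# Assumed (constructed) log format; FreeFloat's actual log layout is not documented here:
#   "<date> <time> <client-ip> <COMMAND> <argument>"   or   "<date> <time> SERVER crash <process>"
LOG_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+)(?: (.*))?$")

PARAM_LEN_THRESHOLD = 1000   # mirrors parameter_length>1000 in the SIEM query
GLOB_RATE_THRESHOLD = 5      # assumed cut-off for "excessive GLOB usage from single source"


def classify(line):
    """Return an alert tuple (rule, source, detail) for one log line, or None if benign."""
    m = LOG_RE.match(line)
    if not m:
        return None
    _ts, src, cmd, arg = m.groups()
    arg = arg or ""
    if cmd.upper() == "GLOB" and len(arg) > PARAM_LEN_THRESHOLD:
        return ("long-glob-parameter", src, f"len={len(arg)}")
    if src == "SERVER" and cmd == "crash" and "FreeFloat FTP" in arg:
        return ("ftp-crash", src, arg)
    return None


def scan(lines):
    """Per-line rules first, then the per-source GLOB rate rule over the whole batch."""
    alerts = [a for a in (classify(line) for line in lines) if a]
    glob_counts = Counter(
        m.group(2) for m in map(LOG_RE.match, lines) if m and m.group(3).upper() == "GLOB"
    )
    for src, n in glob_counts.items():
        if n >= GLOB_RATE_THRESHOLD:
            alerts.append(("excessive-glob-usage", src, f"count={n}"))
    return alerts


# Constructed sample log: one benign session, one oversized GLOB argument,
# one crash record, and one client issuing five GLOB commands in a row.
SAMPLE_LOG = [
    "2025-05-16 12:00:01 203.0.113.5 USER anonymous",
    "2025-05-16 12:00:02 203.0.113.5 GLOB *.txt",
    "2025-05-16 12:00:03 198.51.100.7 GLOB " + "x" * 1200,
    "2025-05-16 12:00:04 SERVER crash FreeFloat FTP Server",
] + [f"2025-05-16 12:00:0{i} 192.0.2.9 GLOB report_{i}.txt" for i in range(5, 10)]

if __name__ == "__main__":
    for rule, src, detail in scan(SAMPLE_LOG):
        print(f"{rule:22} source={src:14} {detail}")
```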
