CVE-2025-4792

7.3 HIGH

📋 TL;DR

CVE-2025-4792 is a high-severity (CVSS 7.3) buffer overflow in the MDELETE command handler of FreeFloat FTP Server 1.0. A remote attacker who can reach the FTP service can send an oversized MDELETE argument to crash the server or, with a working exploit, execute arbitrary code in the context of the server process. Every deployment of FreeFloat FTP Server 1.0 is affected, no authentication is required, and no vendor fix exists.

💻 Affected Systems

Products:
  • FreeFloat FTP Server
Versions: 1.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of FreeFloat FTP Server 1.0 are vulnerable when the MDELETE command handler is active

📦 What is this software?

FreeFloat FTP Server is a small, freely distributed FTP server for Windows. It has not been maintained for many years and is best known today as a practice target for exploit development, which is why public exploit code for its command handlers is easy to find.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, and persistent backdoor installation

🟠

Likely Case

Service disruption through denial of service and potential remote code execution for initial foothold

🟢

If Mitigated

Service crash with limited impact if proper network segmentation and least privilege are implemented

🌐 Internet-Facing: HIGH - Remote exploitation without authentication makes internet-facing instances extremely vulnerable
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit this for lateral movement

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available, making exploitation trivial for attackers with basic skills

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch is available and the product is unmaintained, so there is nothing to wait for. The only durable fix is to remove FreeFloat FTP Server and migrate to a maintained FTP server.

🔧 Temporary Workarounds

Disable MDELETE Command

windows

Disable the vulnerable MDELETE command handler if the FreeFloat FTP Server configuration exposes a way to do so. FreeFloat 1.0 offers very little configuration; if no per-command setting exists, treat this workaround as unavailable and rely on network access control or replacement instead.

Edit the configuration to remove or disable MDELETE command support, then confirm from a client that the server rejects the command.

Network Access Control

windows

Restrict access to the FTP server to trusted source addresses only. Cover both the control channel (TCP 21) and the server's passive data-port range, otherwise only half the service is protected.

Configure Windows Firewall with an inbound rule that allows TCP 21 (and the passive data-port range) only from the specific IP ranges that need FTP access, and block all other inbound connections to those ports.

🧯 If You Can't Patch

  • Replace FreeFloat FTP Server with a maintained alternative such as FileZilla Server or the IIS FTP service on Windows (vsftpd is a Linux/Unix server and would mean moving the service to another host)
  • Implement strict network segmentation to isolate FTP server from critical systems

🔍 How to Verify

Check if Vulnerable:

Check whether FreeFloat FTP Server 1.0 is installed and whether its process is listening on TCP 21 (the FTP greeting banner identifies the product; see the example below the verification steps)

Check Version:

Check the Program Files directory (and Add/Remove Programs) for a FreeFloat FTP Server installation and read the version from the executable's file properties

Verify Fix Applied:

Verify that FreeFloat FTP Server has been uninstalled, that nothing else reports its banner on TCP 21, and that any replacement FTP server is the one now answering on that port
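An added example (not from this page or the FreeFloat project) that turns the checks above into a script: it grabs the FTP greeting and classifies it. The banner text it matches, `220 FreeFloat Ftp Server (Version 1.00).`, is an assumption taken from public write-ups of the product rather than from this page; confirm it against your own instance before trusting the result. A host that still reports that banner is unpatched; one that reports another server's banner after replacement has had the fix applied.

```python
"""Added example: identify a FreeFloat FTP Server 1.0 listener by its greeting banner."""
import re
import socket
import sys

# Assumption: FreeFloat 1.0 greets with "220 FreeFloat Ftp Server (Version 1.00)."
# That text comes from public write-ups, not from this page; verify it locally.
FREEFLOAT_BANNER = re.compile(
    r"^220[ -].*FreeFloat\s+Ftp\s+Server.*Version\s+1\.00", re.IGNORECASE
)


def classify_banner(banner: str) -> str:
    """Return 'vulnerable', 'other-ftp' or 'unknown' for an FTP greeting."""
    first = banner.splitlines()[0] if banner else ""
    if FREEFLOAT_BANNER.search(first):
        return "vulnerable"          # FreeFloat 1.0 is still answering
    if re.match(r"^220[ -]", first):
        return "other-ftp"           # some other FTP server (e.g. the replacement)
    return "unknown"                 # not an FTP greeting at all


def grab_banner(host: str, port: int = 21, timeout: float = 5.0) -> str:
    """Connect, read the greeting line, send QUIT. Does network I/O."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        data = b""
        while b"\n" not in data and len(data) < 1024:
            chunk = s.recv(256)
            if not chunk:
                break
            data += chunk
        try:
            s.sendall(b"QUIT\r\n")   # be polite; the server may already be gone
        except OSError:
            pass
    return data.decode("latin-1", errors="replace")


def check_host(host: str, port: int = 21):
    """Return (classification, banner-or-error) for one host."""
    try:
        banner = grab_banner(host, port)
    except OSError as exc:
        return ("unreachable", str(exc))
    return (classify_banner(banner), banner.strip())


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(check_host(target))
```

Run it against the FTP host before and after remediation; `vulnerable` means the old server is still there, `other-ftp` after replacement means the port is now served by something else, and `unreachable` after a firewall change confirms the network control is in effect from that vantage point.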

📡 Detection & Monitoring

Log Indicators:

  • Repeated MDELETE commands from a single client, especially with arguments far longer than any real filename
  • FTP server crash logs, and Windows Application event log entries with Event ID 1000 (Application Error) naming the FreeFloat FTP Server executable as the faulting application
  • The server process restarting or disappearing from the process list shortly after MDELETE traffic

Network Indicators:

  • A burst of MDELETE commands from one source to the FTP server
  • MDELETE commands on TCP port 21 whose arguments are unusually long or contain non-printable bytes

SIEM Query:

source="ftp.log" AND (command="MDELETE" OR error="buffer" OR error="overflow")

The field names above are placeholders for whatever your FTP log parser emits. As written the query also fires on every legitimate MDELETE; in practice add a condition on argument length or on the number of MDELETEs per client in a short window.
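An added example (not from this page) that implements the indicators above as detection logic over constructed sample log lines: an oversized MDELETE argument, an argument containing raw non-printable bytes, and a burst of MDELETEs from one client. The log format, field layout, thresholds (255-byte argument, five MDELETEs in 60 seconds) and sample IP addresses are all assumptions chosen for the example; adapt `LOG_RE` and the thresholds to what your FTP server or proxy actually writes.

```python
"""Added example: MDELETE detection logic run over constructed FTP log lines."""
from collections import defaultdict
from datetime import datetime, timedelta
import re
import string

# Assumed log format (constructed for this example):
#   "<YYYY-MM-DD> <HH:MM:SS> <client-ip> <COMMAND> <argument>"
LOG_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+)(?: (.*))?$")

MAX_ARG_LEN = 255                      # real filenames are short; overflow payloads run to hundreds of bytes
BURST_COUNT = 5                        # this many MDELETEs from one client ...
BURST_WINDOW = timedelta(seconds=60)   # ... inside this window is worth a look
PRINTABLE = set(string.printable) - set("\r\n\x0b\x0c")


def parse_line(line):
    """Split one log line into fields; return None for lines that don't fit the format."""
    m = LOG_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    ts_text, ip, cmd, arg = m.groups()
    try:
        ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return {"ts": ts, "ip": ip, "cmd": cmd.upper(), "arg": arg or ""}


def detect(lines):
    """Return (client-ip, indicator, detail) tuples for MDELETE traffic matching the indicators."""
    alerts = []
    recent = defaultdict(list)         # client-ip -> timestamps of MDELETEs in the current window
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["cmd"] != "MDELETE":
            continue
        ip, arg, ts = rec["ip"], rec["arg"], rec["ts"]
        if len(arg) > MAX_ARG_LEN:
            alerts.append((ip, "oversized-argument", len(arg)))
        if any(ch not in PRINTABLE for ch in arg):
            alerts.append((ip, "non-printable-argument", len(arg)))
        window = [t for t in recent[ip] if ts - t <= BURST_WINDOW] + [ts]
        recent[ip] = window
        if len(window) == BURST_COUNT:  # alert once, when the threshold is first crossed
            alerts.append((ip, "mdelete-burst", len(window)))
    return alerts


# Constructed sample: a benign client, then a client sending an overflow-style payload,
# a payload with raw non-printable bytes, and a burst of MDELETEs. Addresses are documentation ranges.
SAMPLE_LOG = [
    "2025-05-16 10:22:01 198.51.100.4 USER anonymous",
    "2025-05-16 10:22:02 198.51.100.4 MDELETE old_report.txt",
    "2025-05-16 10:22:40 203.0.113.7 USER anonymous",
    "2025-05-16 10:22:41 203.0.113.7 MDELETE " + "A" * 1000,
    "2025-05-16 10:22:42 203.0.113.7 MDELETE " + "A" * 300 + "\x90\x90\xcc",
    "2025-05-16 10:22:43 203.0.113.7 MDELETE a.txt",
    "2025-05-16 10:22:44 203.0.113.7 MDELETE b.txt",
    "2025-05-16 10:22:45 203.0.113.7 MDELETE c.txt",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for ip, indicator, detail in detect(SAMPLE_LOG):
        print(f"{ip:15} {indicator:24} {detail}")
```

The benign client's single short MDELETE produces nothing; the second client trips the length check twice, the non-printable check once, and the burst check on its fifth command. Feed the same logic your real log lines (after fixing `LOG_RE`) and wire the tuples into whatever alerting path your SIEM query above feeds.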
