CVE-2025-4845

7.3 HIGH

📋 TL;DR

A critical buffer overflow vulnerability exists in FreeFloat FTP Server 1.0's TRACE command handler, allowing remote attackers to execute arbitrary code or crash the service. This affects all deployments of FreeFloat FTP Server 1.0 with the vulnerable component enabled. The exploit is publicly available and can be launched remotely without authentication.

💻 Affected Systems

Products:
  • FreeFloat FTP Server
Versions: 1.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of FreeFloat FTP Server 1.0 are vulnerable if the TRACE command handler is enabled (default).


⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Service crash causing denial of service, potentially followed by remote code execution.

🟢 If Mitigated

Denial of service only if exploit fails or controls limit impact.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch is available. Consider upgrading to a supported FTP server or implementing workarounds.

🔧 Temporary Workarounds

Disable TRACE Command

Platform: windows

Disable the TRACE command handler in FreeFloat FTP Server configuration to prevent exploitation.

Edit configuration file to remove or disable TRACE command support.

Network Segmentation

Platform: all

Restrict access to FreeFloat FTP Server using firewall rules to limit exposure.

Add firewall rule to block external access to FTP port (default 21).

🧯 If You Can't Patch

  • Replace FreeFloat FTP Server with a supported and secure alternative.
  • Implement network-based intrusion prevention systems (IPS) to block exploit attempts.

🔍 How to Verify

Check if Vulnerable:

Check if FreeFloat FTP Server 1.0 is installed and running. Use version command or check installed programs.

Check Version:

Check program version in Windows Add/Remove Programs or server interface.

Verify Fix Applied:

Verify TRACE command is disabled in configuration or server is replaced/segmented.

📡 Detection & Monitoring

Log Indicators:

  • Unusual TRACE command usage in FTP logs.
  • Server crash or abnormal termination logs.

Network Indicators:

  • Incoming connections sending malformed TRACE commands to FTP port.

SIEM Query:

source="ftp_logs" AND command="TRACE" AND payload_length>normal
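The two log indicators above (any TRACE use, and a TRACE carrying an oversized argument) turned into a small detector over sample FTP log lines. This is an added example, not code from the advisory or from FreeFloat; the log line layout, the 256-byte "normal" threshold and the sample lines are constructed assumptions, so adjust them to your own baseline.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed log format (an assumption; FreeFloat's real log layout is not
# shown on the page): "<timestamp> <client_ip> <COMMAND> <argument>".
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<ip>\S+)\s+(?P<cmd>[A-Za-z]+)(?:\s+(?P<arg>.*))?$")

# Placeholder for the "normal" argument length a site would derive from its
# own baseline; 256 is an assumed value, not one taken from the advisory.
MAX_NORMAL_ARG_LEN = 256


@dataclass
class Finding:
    ts: str
    client_ip: str
    arg_len: int
    severity: str  # "high" = oversized TRACE argument, "low" = any other TRACE use


def inspect_line(line: str, max_len: int = MAX_NORMAL_ARG_LEN):
    """Return a Finding for a TRACE command, or None for any other line."""
    m = LOG_LINE.match(line.rstrip("\r\n"))
    if not m or m.group("cmd").upper() != "TRACE":
        return None
    arg = m.group("arg") or ""
    severity = "high" if len(arg) > max_len else "low"
    return Finding(m.group("ts"), m.group("ip"), len(arg), severity)


def scan(lines):
    """Apply inspect_line to every log line and keep the hits, in log order."""
    return [f for f in (inspect_line(l) for l in lines) if f is not None]


def findings_per_ip(findings):
    """Count TRACE findings per client, to prioritise which source to block."""
    return dict(Counter(f.client_ip for f in findings))


# Constructed sample log: one normal session, then a client probing TRACE.
SAMPLE_LOG = [
    "2025-05-01T10:00:01Z 192.0.2.10 USER anonymous",
    "2025-05-01T10:00:02Z 192.0.2.10 PASS guest@example.org",
    "2025-05-01T10:00:03Z 192.0.2.10 LIST",
    "2025-05-01T10:01:10Z 198.51.100.7 TRACE test",
    "2025-05-01T10:01:11Z 198.51.100.7 TRACE " + "A" * 1000,
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
    print(findings_per_ip(scan(SAMPLE_LOG)))
```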
