CVE-2025-5052

7.3 HIGH

📋 TL;DR

A critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's LS command handler allows remote attackers to execute arbitrary code or crash the service. This affects all deployments of FreeFloat FTP Server 1.0. The vulnerability is remotely exploitable without authentication.

💻 Affected Systems

Products:
  • FreeFloat FTP Server
Versions: 1.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of FreeFloat FTP Server 1.0 are vulnerable regardless of configuration.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Service crash causing denial of service, potentially followed by remote code execution.

🟢 If Mitigated: A service crash when an exploit attempt fails, but the system remains exposed to repeated attempts.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploit with public proof-of-concept available.
🏢 Internal Only: HIGH - Same exploit works internally, though attack surface may be smaller.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code exists, making weaponization trivial. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch exists. FreeFloat FTP Server appears to be abandoned software. Immediate migration to alternative FTP server software is required.

🔧 Temporary Workarounds

Disable LS command via firewall (applies to: all)
  • Block FTP commands at network level to prevent exploitation
  • Use firewall rules to block FTP command traffic to port 21

Network segmentation (applies to: all)
  • Isolate FreeFloat FTP Server from critical networks
  • Configure VLANs or firewall rules to restrict access

🧯 If You Can't Patch

  • Immediately disable or uninstall FreeFloat FTP Server 1.0
  • Migrate to maintained FTP server software like FileZilla Server, vsftpd, or ProFTPD

🔍 How to Verify

Check if Vulnerable:

Check if FreeFloat FTP Server 1.0 is installed and running on port 21

Check Version:

Check program files or installation directory for version information

Verify Fix Applied:

Verify FreeFloat FTP Server is no longer installed or running

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed LS commands
  • Unusually long LS command parameters
  • Service crash logs

Network Indicators:

  • Excessive traffic to FTP port 21 with long command strings
  • Buffer overflow patterns in packet captures

SIEM Query:

(source="ftp.log" AND command="LS" AND length>100) OR (event="crash" AND process="FreeFloat")
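The two log indicators above (oversized LS arguments and FreeFloat crash events) can be checked offline before a SIEM rule is written. The following is an added example, not code from this advisory or from FreeFloat: it scans constructed sample log lines, flags LS commands whose argument exceeds the same 100-byte threshold the SIEM query uses, flags crash events attributed to the FreeFloat process, and counts hits per client so a burst from one source stands out. The "<timestamp> <client> <command> <argument>" line layout is an assumption for the example, not FreeFloat's real log format.

```python
from dataclasses import dataclass

# Threshold taken from the advisory's SIEM query (length>100).
LS_ARG_THRESHOLD = 100

# Constructed sample log lines (not from a real deployment). The layout
# "<timestamp> <client> <command> <argument>" is assumed for this example.
SAMPLE_LOG_LINES = [
    "2025-05-20T10:00:01Z 10.0.0.5 USER anonymous",
    "2025-05-20T10:00:02Z 10.0.0.5 LS /pub",
    "2025-05-20T10:00:03Z 10.0.0.9 LS " + "A" * 300,
    "2025-05-20T10:00:04Z 10.0.0.9 LS " + "B" * 150,
    "2025-05-20T10:00:05Z 10.0.0.9 RETR file.txt",
    "2025-05-20T10:00:06Z - crash process=FreeFloat",
]


@dataclass
class Alert:
    timestamp: str
    client: str
    reason: str   # "long_ls_argument" or "service_crash"
    detail: str


def parse_line(line):
    """Split one log line into (timestamp, client, command, argument).

    Returns None for lines that do not carry at least a timestamp,
    a client and a command; the argument may be empty.
    """
    parts = line.strip().split(" ", 3)
    if len(parts) < 3:
        return None
    timestamp, client, command = parts[0], parts[1], parts[2]
    argument = parts[3] if len(parts) == 4 else ""
    return timestamp, client, command, argument


def scan_log(lines, threshold=LS_ARG_THRESHOLD):
    """Return an Alert for every oversized LS argument or FreeFloat crash."""
    alerts = []
    for line in lines:
        record = parse_line(line)
        if record is None:
            continue
        timestamp, client, command, argument = record
        if command.upper() == "LS" and len(argument) > threshold:
            alerts.append(Alert(timestamp, client, "long_ls_argument",
                                f"{len(argument)} bytes"))
        elif command.lower() == "crash" and "process=FreeFloat" in argument:
            alerts.append(Alert(timestamp, client, "service_crash", argument))
    return alerts


def summarize(alerts):
    """Count alerts by (client, reason) so repeated attempts from one source stand out."""
    counts = {}
    for alert in alerts:
        key = (alert.client, alert.reason)
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG_LINES)
    for alert in found:
        print(f"{alert.timestamp} {alert.client} {alert.reason} ({alert.detail})")
    for (client, reason), n in summarize(found).items():
        print(f"{client}: {n} x {reason}")
```

On the sample input this reports the two oversized LS commands from 10.0.0.9 and the crash event, and the summary shows both LS hits coming from the same client. A legitimate LS argument is a path, so anything past a few dozen bytes is worth a look even if the threshold is tuned lower than 100 for a particular environment.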
