CVE-2025-5076 – CVE-2025-5076 is a critical buffer overflow vul... (How to Fix)

Q: What is the severity of CVE-2025-5076?

CVE-2025-5076 has a CVSS score of 7.3 (HIGH). CVE-2025-5076 is a critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's SEND command handler that allows remote attackers to execute arbitrary code or crash the service. This affects all deployments of FreeFloat FTP Server 1.0. The vulnerability is remotely exploitable without authentication.

📋 TL;DR

CVE-2025-5076 is a critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's SEND command handler that allows remote attackers to execute arbitrary code or crash the service. This affects all deployments of FreeFloat FTP Server 1.0. The vulnerability is remotely exploitable without authentication.

💻 Affected Systems

Products:

FreeFloat FTP Server

Versions: 1.0

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: All installations of FreeFloat FTP Server 1.0 are vulnerable regardless of configuration.

📦 What is this software?

Freefloat Ftp Server by Freefloat

View all CVEs affecting Freefloat Ftp Server →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, and persistent backdoor installation.

🟠

Likely Case

Service crash causing denial of service, with potential for remote code execution by skilled attackers.

🟢

If Mitigated

Service disruption but limited lateral movement if proper network segmentation and least privilege are implemented.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and affects an internet-facing service.

🏢 Internal Only: MEDIUM - While still vulnerable, internal-only deployments have reduced attack surface compared to internet-facing instances.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code is available, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch is available. Consider migrating to a supported FTP server solution.

🔧 Temporary Workarounds

Disable FreeFloat FTP Server

windows

Stop and disable the FreeFloat FTP Server service to prevent exploitation.

sc stop FreeFloatFTPServer
sc config FreeFloatFTPServer start= disabled

Network Access Control

windows

Restrict network access to the FTP server using firewall rules.

netsh advfirewall firewall add rule name="Block FreeFloat FTP" dir=in action=block protocol=TCP localport=21

🧯 If You Can't Patch

Replace FreeFloat FTP Server with a supported alternative like FileZilla Server, vsftpd, or ProFTPD.
Implement strict network segmentation and firewall rules to limit access to the vulnerable server.

🔍 How to Verify

Check if Vulnerable:

Check if FreeFloat FTP Server 1.0 is installed and running on the system.

Check Version:

Check installed programs in Control Panel or run: wmic product get name,version | findstr /i freefloat

Verify Fix Applied:

Verify the service is stopped/disabled or that the software has been removed.

📡 Detection & Monitoring

Log Indicators:

Multiple failed SEND command attempts
Unusual buffer overflow errors in FTP logs
Service crash events in Windows Event Log

Network Indicators:

Excessive SEND commands with large payloads
Traffic patterns indicating buffer overflow attempts

SIEM Query:

source="ftp.log" AND (command="SEND" AND size>threshold) OR (event_id=1000 AND process_name="FreeFloatFTPServer.exe")

📊 Metadata

CVE ID: CVE-2025-5076

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-119

EPSS Score: 0.14% exploit probability (34.1th percentile)

Published: May 22, 2025

Last Updated: June 23, 2025

🔗 References

https://fitoxs.com/exploit/exploit-9829d8aeaf006c1a3474f4cbcc27d3dd30b5e2053444fd36b805b785f65b2e3e.txt Exploit
https://vuldb.com/?ctiid.309956 Permissions Required,VDB Entry
https://vuldb.com/?id.309956 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.581297 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-5076, you might also want to check these: