CVE-2025-5217

7.3 HIGH

📋 TL;DR

A buffer overflow in the RMDIR command handler of FreeFloat FTP Server 1.0.0 (rated 7.3 HIGH) lets a remote attacker crash the service or, with a tailored exploit, execute arbitrary code by sending an RMDIR command whose argument is far longer than the handler's fixed-size buffer. Every installation of version 1.0.0 is affected, since the handler is part of the core command set rather than an optional component. The attack needs only network access to the FTP control port (TCP/21); no valid credentials are required.

💻 Affected Systems

Products:
  • FreeFloat FTP Server
Versions: 1.0.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: RMDIR (RFC 959's RMD, which many servers also accept as RMDIR or XRMD) is part of the core FTP command set and is reachable by any client that can open the control connection; FreeFloat 1.0.0 has no documented setting that disables individual commands.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the account running the FTP server process, leading to full compromise of the host, data theft, or ransomware deployment.

🟠 Likely Case

Service disruption: an oversized RMDIR argument from an opportunistic scanner crashes the server (denial of service). Reliable code execution requires an exploit tuned to the target binary, which the publicly available PoC material for this product makes realistic rather than theoretical.

🟢 If Mitigated

With the FTP control port reachable only from a small set of trusted hosts, exposure is limited to those hosts and to the account running the FTP service; the vulnerability itself remains, so this is containment, not a fix.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch is available, and FreeFloat FTP Server appears to be unmaintained, so none should be expected. Plan a migration to a supported file-transfer server, preferably one offering SFTP or FTPS rather than cleartext FTP.

🔧 Temporary Workarounds

Disable RMDIR command via configuration

windows

FreeFloat FTP Server 1.0.0 is a minimal single-executable server and, as far as we can determine, exposes no setting that disables individual FTP commands. Check whatever settings the installed build offers; if there is no way to disable RMDIR, treat this workaround as unavailable and rely on the network restriction below rather than assuming the handler has been turned off.

Network segmentation and firewall rules

windows

Restrict access to the FTP control port (TCP/21) to trusted IP addresses or internal networks only.

Example (Windows Firewall, assuming 10.0.0.0/8 is the trusted range; substitute your own): netsh advfirewall firewall add rule name="FTP allow trusted only" dir=in action=allow protocol=TCP localport=21 remoteip=10.0.0.0/8

This relies on the profile's default inbound action being Block (the Windows default), so also remove any broader allow rule for port 21 or for the FreeFloat executable (Windows offers to create one the first time the program listens). A block rule with remoteip=any, as sometimes suggested, is not a restriction but a full cut-off: Windows evaluates explicit block rules before allow rules, so trusted hosts would be locked out as well.

🧯 If You Can't Patch

  • Immediately isolate the FreeFloat FTP Server from internet access using firewall rules.
  • Migrate to a modern, supported FTP server application with active security updates.

🔍 How to Verify

Check if Vulnerable:

Look for the FreeFloat FTP Server executable in the process list and for a listener on TCP/21 on the host; any running copy of version 1.0.0 is vulnerable, regardless of configuration.

Check Version:

Connect to TCP/21 (for example with a telnet or netcat client) and read the greeting banner, which names the product and version; 1.0.0 (displayed by the server as 1.00) is the affected release.

Verify Fix Applied:

Confirm that FreeFloat FTP Server is no longer running or listening on TCP/21 and that the replacement server's banner is returned instead, or, if you rely on the workaround, that the server rejects RMDIR and that TCP/21 is unreachable from untrusted networks.
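The version check and the post-migration verification above can be scripted. The following Python probe is an added example, not code from the page or from the FreeFloat project: it reads the FTP greeting, extracts the FreeFloat version, and classifies the host. The banner format (220 FreeFloat Ftp Server (Version 1.00).) is assumed from the server's well-known greeting; adjust the pattern if your build reports itself differently. The probe is passive and safe to run against production, unlike sending an oversized RMDIR, which would itself crash a vulnerable server.

```python
import re
import socket
from typing import Optional, Tuple

# Assumed greeting: "220 FreeFloat Ftp Server (Version 1.00)." (assumption, not taken from the page).
BANNER_RE = re.compile(
    r"FreeFloat\s+Ftp\s+Server\s*\(Version\s+(?P<ver>[0-9][0-9.]*)\)", re.IGNORECASE
)


def parse_banner(banner: str) -> Optional[str]:
    """Return the version string from a FreeFloat greeting, or None for any other server."""
    m = BANNER_RE.search(banner)
    return m.group("ver") if m else None


def is_affected_version(version: str) -> bool:
    """True for 1.0.0; compares numerically so '1.0', '1.00' and '1.0.0' all match."""
    parts = [int(p) for p in version.split(".") if p != ""]
    parts += [0] * (3 - len(parts))
    return parts[:3] == [1, 0, 0]


def assess(banner: str) -> Tuple[str, Optional[str]]:
    """Classify a greeting as ('vulnerable' | 'other-version' | 'not-freefloat', version)."""
    ver = parse_banner(banner)
    if ver is None:
        return ("not-freefloat", None)
    return ("vulnerable" if is_affected_version(ver) else "other-version", ver)


def grab_banner(host: str, port: int = 21, timeout: float = 5.0) -> str:
    """Open the control connection and read the first greeting line (FTP control is cleartext)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        data = b""
        # Stop at the first CRLF; cap the read so a chatty server cannot stall us.
        while not data.endswith(b"\r\n") and len(data) < 512:
            chunk = s.recv(256)
            if not chunk:
                break
            data += chunk
    return data.decode("latin-1", errors="replace").strip()


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    greeting = grab_banner(target)
    print(greeting, "->", assess(greeting))
```

After migrating, run the same probe: a result of not-freefloat confirms the replacement server answers on TCP/21, while a connection timeout from an untrusted network confirms the firewall workaround.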

📡 Detection & Monitoring

Log Indicators:

  • RMDIR/RMD commands whose argument is far longer than any legitimate directory name (hundreds of bytes) or contains non-printable bytes
  • FTP server crashes, restarts or Windows Error Reporting events for the FreeFloat process shortly after an FTP connection (a successful overflow may prevent the offending command from ever being logged, so the crash is often the only host-side trace)
  • Unexpected child processes or outbound connections from the FTP server process

Network Indicators:

  • RMDIR/RMD commands with oversized or non-printable arguments on TCP/21; the FTP control channel is cleartext, so an IDS can inspect them directly
  • Byte sequences typical of exploit payloads (long runs of a single byte, NOP sleds, shellcode) in the control channel, followed by the server closing the connection

SIEM Query:

Splunk-style example; the field names command and parameter are assumed and depend on how your FTP log is parsed:

source="ftp.log" (command="RMDIR" OR command="RMD" OR command="XRMD") | eval arg_len=len(parameter) | where arg_len>100 OR match(parameter, "[^ -~]")
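The SIEM query above states the rule; the following Python script is an added example (not from the page or the FreeFloat project) that applies the same logic offline to a constructed FTP command log, so the thresholds can be tuned before the rule goes live. The log layout (timestamp, client IP, command, argument) is hypothetical; FreeFloat itself may not write such a log, so in practice the lines would come from a proxy, an IDS, or a packet capture of TCP/21.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Hypothetical log layout: "<ISO timestamp> <client ip> <FTP command> [argument]".
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<cmd>[A-Za-z]+)(?:\s(?P<arg>.*))?$")

# RFC 959 names the command RMD; RMDIR and XRMD are aliases that some servers accept.
RMDIR_CMDS = {"RMD", "RMDIR", "XRMD"}
MAX_ARG_LEN = 100      # longer than any plausible directory name on this server
BURST_THRESHOLD = 5    # RMDIR-family commands from one source within the analysed window

# Constructed sample log (not real traffic): one benign client, one attacker sending an
# oversized argument and then a NOP-sled-style argument with non-printable bytes.
SAMPLE_LOG = [
    "2025-05-26T10:00:01Z 10.0.0.5 USER anonymous",
    "2025-05-26T10:00:01Z 10.0.0.5 PASS guest@",
    "2025-05-26T10:00:02Z 10.0.0.5 RMD oldfiles",
    "2025-05-26T10:00:09Z 198.51.100.7 USER anonymous",
    "2025-05-26T10:00:09Z 198.51.100.7 PASS x",
    "2025-05-26T10:00:10Z 198.51.100.7 RMDIR " + "A" * 1000,
    "2025-05-26T10:00:11Z 198.51.100.7 RMDIR " + "\x90" * 32 + "A" * 8,
]


def is_suspicious_arg(arg: str) -> List[str]:
    """Return the reasons an RMDIR argument looks like an overflow attempt (empty if none)."""
    reasons = []
    if len(arg) > MAX_ARG_LEN:
        reasons.append(f"argument length {len(arg)} > {MAX_ARG_LEN}")
    # Directory names on a Windows FTP server are printable ASCII; anything else is payload-like.
    if any(not (0x20 <= ord(c) < 0x7F) for c in arg):
        reasons.append("non-printable or non-ASCII bytes in argument")
    return reasons


def analyze(lines: List[str]) -> List[Dict[str, object]]:
    """Apply the per-command rule and a per-source burst rule; return one finding per hit."""
    findings: List[Dict[str, object]] = []
    per_source: Dict[str, int] = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; a production rule would count these separately
        cmd = m.group("cmd").upper()
        if cmd not in RMDIR_CMDS:
            continue
        src = m.group("src")
        per_source[src] += 1
        arg = m.group("arg") or ""
        for reason in is_suspicious_arg(arg):
            findings.append({"ts": m.group("ts"), "src": src, "cmd": cmd, "reason": reason})
    for src, n in per_source.items():
        if n >= BURST_THRESHOLD:
            findings.append({"ts": None, "src": src, "cmd": "RMDIR",
                             "reason": f"{n} RMDIR-family commands from one source"})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f)
```

On the sample log the benign RMD from 10.0.0.5 produces nothing, while both RMDIR lines from 198.51.100.7 are flagged, one for length and one for non-printable bytes; the burst rule only fires once a single source sends five or more RMDIR-family commands, which catches scanners that probe every command handler in turn.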

🔗 References
