CVE-2025-5220

7.3 HIGH

📋 TL;DR

CVE-2025-5220 is a high-severity (CVSS 7.3) buffer overflow in the GET command handler of FreeFloat FTP Server 1.0.0. A remote attacker who can reach the FTP port sends an oversized GET argument to crash the service (denial of service) or, with a working exploit, execute arbitrary code as the server process. No authentication is required. All deployments of FreeFloat FTP Server 1.0.0 that accept the GET command are affected.

💻 Affected Systems

Products:
  • FreeFloat FTP Server
Versions: 1.0.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations with GET command functionality enabled are vulnerable

📦 What is this software?

FreeFloat FTP Server is a small freeware FTP server for Windows. It is no longer maintained, and it has long served as a standard practice target for stack buffer overflow exercises in exploit-development training, which is why public exploit code for its command handlers is plentiful.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, and persistent backdoor installation

🟠

Likely Case

Service crash causing denial of service, with potential for remote code execution by skilled attackers

🟢

If Mitigated

Service disruption but limited lateral movement if properly segmented and monitored

🌐 Internet-Facing: HIGH - Remote exploitation without authentication makes internet-facing instances extremely vulnerable
🏢 Internal Only: MEDIUM - Still exploitable from internal networks but requires attacker foothold

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code available, making exploitation trivial for attackers with basic skills

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch is available and, as the product is unmaintained, none is expected. Migrate to an actively maintained FTP server (or a non-FTP transfer mechanism such as SFTP) rather than waiting for a fix.

🔧 Temporary Workarounds

Disable GET command

windows

Remove or restrict GET command functionality if it is not required.

Caveat: FreeFloat FTP Server exposes very little configuration, and this page cites no setting that disables an individual command handler. If your build offers no such option, treat this workaround as unavailable and rely on network restriction instead.

Network segmentation

all

Restrict access to FTP server to trusted networks only

Configure host and network firewall rules so that TCP port 21 (and any passive-mode data port range the server uses) is reachable only from the specific hosts that need it; deny everything else by default.

🧯 If You Can't Patch

  • Replace FreeFloat FTP Server with actively maintained alternative (FileZilla Server, vsftpd, etc.)
  • Implement strict network segmentation and firewall rules to limit FTP access to essential hosts only

🔍 How to Verify

Check if Vulnerable:

Check whether FreeFloat FTP Server is installed and running on the host (a FreeFloat process listening on TCP port 21) and whether the port is reachable from untrusted networks. If it is installed, assume it is vulnerable: only version 1.0.0 exists on this page, and no fixed release is available.

Check Version:

Read the version from the server's own interface or documentation, or remotely from the 220 greeting the server returns when a client connects to TCP port 21.

Verify Fix Applied:

Verify FreeFloat FTP Server has been removed or replaced with alternative software
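As an added example (not code from this page or from the FreeFloat project), the following Python fingerprints a host from its FTP greeting and decides whether it is the affected release. It assumes the greeting contains the text `FreeFloat Ftp Server (Version 1.00)`, which is how the server is commonly reported to identify itself; confirm that against your own instance. The probe reads only the banner and then sends QUIT, so it never sends a GET and cannot trigger the overflow.

```python
import re
import socket

# Assumed greeting pattern (not taken from the page): FreeFloat is commonly
# reported to answer "220 FreeFloat Ftp Server (Version 1.00)." on connect.
BANNER_RE = re.compile(
    r"FreeFloat\s+Ftp\s+Server\s*\(Version\s*([0-9.]+)\)", re.IGNORECASE
)


def parse_banner(banner: str):
    """Return the version string from a FreeFloat 220 greeting, or None."""
    m = BANNER_RE.search(banner)
    return m.group(1) if m else None


def is_affected_version(version):
    """True for the affected 1.0.0 release; "1.00" and "1.0.0" are the same version."""
    if not version:
        return False
    parts = [int(p) for p in version.strip(".").split(".") if p.isdigit()]
    while len(parts) > 1 and parts[-1] == 0:  # normalise trailing zeros
        parts.pop()
    return parts == [1]


def grab_banner(host, port=21, timeout=5.0):
    """Read the server greeting only, then QUIT. This never sends a GET command."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        banner = s.recv(1024).decode("ascii", errors="replace")
        try:
            s.sendall(b"QUIT\r\n")
        except OSError:
            pass  # the greeting is all we needed
    return banner


def check_host(host, port=21):
    """Connect, parse the greeting and report whether the host looks affected."""
    banner = grab_banner(host, port)
    version = parse_banner(banner)
    return {
        "host": host,
        "banner": banner.strip(),
        "version": version,
        "affected": is_affected_version(version),
    }


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(check_host(target))
```

Run it against each host that might carry the server; an `affected: True` result means the host should be isolated or decommissioned, since there is no patched version to compare against.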

📡 Detection & Monitoring

Log Indicators:

  • Repeated GET commands carrying arguments that are far longer than any real path (hundreds of bytes), made up of one repeated character, or containing non-printable bytes
  • Server crash/restart events
  • Unusual outbound connections from FTP server

Network Indicators:

  • Excessive or malformed GET commands to FTP port
  • A single client sending GET with an oversized or sled-like argument, especially immediately after connecting and without a successful login

SIEM Query:

Illustrative pseudo-query (field names and functions vary by SIEM; adapt to your FTP log schema):

source="ftp_server.log" command="GET" AND (len(argument) > 256 OR match(argument, "(.)\1{63,}") OR match(argument, "[^\x20-\x7e]"))

The 0x90 (NOP) and 0x41 ("A") bytes seen in public PoCs are the usual filler in such sleds, but an attacker can pick any byte, so alert on argument length and structure rather than on specific byte values.
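To show the same detection logic running over actual log lines, here is an added Python example (not from this page, and not FreeFloat's own log format): it assumes a constructed one-line-per-command log of the form `<date> <time> <client-ip> <COMMAND> [argument]`, flags GET commands whose argument is oversized, a run of one repeated byte, or non-printable, and counts hits per source so that a repeat offender stands out from a single accidental crash. The thresholds are assumptions to tune for your environment.

```python
import re
from collections import Counter

# Constructed log format for this example (not FreeFloat's own format):
# "<date> <time> <client-ip> <COMMAND> [argument]"
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<src>\S+) (?P<cmd>\S+)(?: (?P<arg>.*))?$")

# Assumed thresholds: a real path argument is short and printable, while
# public overflow PoCs send hundreds of bytes, usually a sled of one byte.
MAX_ARG_LEN = 256
RUN_RE = re.compile(r"(.)\1{63,}")        # 64+ identical consecutive characters
NONPRINT_RE = re.compile(r"[^\x20-\x7e]")  # anything outside printable ASCII


def analyze_line(line):
    """Return an alert dict for a suspicious GET line, or None for benign lines."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m or m["cmd"].upper() != "GET":
        return None
    arg = m["arg"] or ""
    reasons = []
    if len(arg) > MAX_ARG_LEN:
        reasons.append(f"oversized argument ({len(arg)} bytes)")
    if RUN_RE.search(arg):
        reasons.append("long run of a repeated byte")
    if NONPRINT_RE.search(arg):
        reasons.append("non-printable bytes in argument")
    if not reasons:
        return None
    return {"ts": m["ts"], "src": m["src"], "arg_len": len(arg), "reasons": reasons}


def analyze_log(lines):
    """Alerts in log order plus a per-source hit count."""
    alerts = [a for a in map(analyze_line, lines) if a]
    hits_per_source = Counter(a["src"] for a in alerts)
    return alerts, hits_per_source


def flag_sources(hits_per_source, min_hits=2):
    """Sources with repeated suspicious GETs: one crash is noise, two is a campaign."""
    return sorted(src for src, n in hits_per_source.items() if n >= min_hits)


# Constructed sample log: one benign session and one client replaying PoC-style payloads.
SAMPLE_LOG = [
    "2025-06-01 12:00:00 198.51.100.7 USER alice",
    "2025-06-01 12:00:00 198.51.100.7 PASS ********",
    "2025-06-01 12:00:01 198.51.100.7 GET reports/q1.pdf",
    "2025-06-01 12:04:10 203.0.113.5 USER anonymous",
    "2025-06-01 12:04:11 203.0.113.5 GET " + "A" * 1000,          # classic "A" sled
    "2025-06-01 12:04:13 203.0.113.5 GET " + "\x90" * 32 + "\xcc\xcc",  # short NOP sled
    "2025-06-01 12:05:00 198.51.100.7 QUIT",
]

if __name__ == "__main__":
    alerts, per_src = analyze_log(SAMPLE_LOG)
    for a in alerts:
        print(f"{a['ts']} {a['src']} GET len={a['arg_len']}: {', '.join(a['reasons'])}")
    print("repeat offenders:", flag_sources(per_src))
```

The length and structure checks deliberately ignore which filler byte was used; a PoC that swaps 0x41 for any other byte still trips the oversized and repeated-run rules, and a crash or restart event from the same source in the same window is the strongest corroboration.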

🔗 References
