CVE-2025-5356

7.3 HIGH

📋 TL;DR

A critical buffer overflow vulnerability exists in FreeFloat FTP Server 1.0's BYE command handler, allowing remote attackers to execute arbitrary code or crash the service. This affects all deployments of FreeFloat FTP Server 1.0 with the vulnerable component enabled. Attackers can exploit this without authentication over the network.

💻 Affected Systems

Products:
  • FreeFloat FTP Server
Versions: 1.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of FreeFloat FTP Server 1.0 are vulnerable. The BYE command handler is a standard component.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment

🟠 Likely Case: Service crash causing denial of service, potentially followed by remote code execution

🟢 If Mitigated: Service disruption only if exploit attempts are blocked by network controls

🌐 Internet-Facing: HIGH - Remote exploitation without authentication makes internet-facing instances prime targets
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit this for lateral movement

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available, making this easily weaponizable. The buffer overflow is straightforward to trigger.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch exists. Consider migrating to a maintained FTP server solution.

🔧 Temporary Workarounds

Disable FreeFloat FTP Server

windows

Stop and disable the FreeFloat FTP Server service

sc stop FreeFloatFTPServer
sc config FreeFloatFTPServer start= disabled

Block FTP port at firewall

windows

Block inbound connections to the FTP control port (TCP/21). Note that this rule blocks all inbound clients, internal as well as external; scope it with remoteip= if internal access must remain.

netsh advfirewall firewall add rule name="Block FTP" dir=in action=block protocol=TCP localport=21

🧯 If You Can't Patch

  • Replace FreeFloat FTP Server with a maintained alternative like FileZilla Server, vsftpd, or ProFTPD
  • Implement strict network segmentation to isolate the FTP server from critical systems

🔍 How to Verify

Check if Vulnerable:

Check if FreeFloat FTP Server 1.0 is installed and running on port 21/TCP

Check Version:

Check program files directory for FreeFloat FTP Server files and version information

Verify Fix Applied:

Verify the service is stopped/disabled or replaced with alternative software

📡 Detection & Monitoring

Log Indicators:

  • Multiple BYE commands with excessive length
  • Service crash events in Windows Event Log
  • Unusual process creation from ftpserver.exe

Network Indicators:

  • Excessive BYE command traffic to the FTP control port (TCP/21)
  • Oversized FTP command lines; a legitimate BYE carries no argument, so a BYE followed by a long argument is the specific pattern to look for

SIEM Query:

source="windows" AND (event_id=7034 OR process_name="ftpserver.exe") AND (command_line LIKE "%BYE%" OR termination_type="crash")
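The log and network indicators above can be checked with a small script rather than a SIEM query alone. The following is an added example, not part of this advisory and not FreeFloat FTP Server's own logging: it parses a constructed FTP command log in an assumed "<timestamp> <client_ip> <command> [argument]" format, flags BYE commands whose argument exceeds a threshold (a legitimate BYE carries none), groups repeat offenders by source address, and correlates the hits with Service Control Manager Event ID 7034 ("service terminated unexpectedly") records. The service name "FreeFloatFTPServer" is taken from the workaround commands above; the 64-byte threshold and the log format are assumptions.

```python
"""Detect oversized BYE commands in FTP command logs and correlate them
with Windows Service Control Manager crash events (Event ID 7034).

Added example for this advisory. The log line format and sample data are
constructed for illustration; they are not FreeFloat FTP Server's real
log format.
"""
import re
from collections import Counter

# A legitimate BYE/QUIT carries no argument, so any BYE with a long
# argument is suspicious. 64 bytes is a conservative threshold (assumption).
BYE_ARG_THRESHOLD = 64

# Assumed log format: "<ISO timestamp> <client IPv4> <command> [argument]"
FTP_LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<cmd>\S+)(?: (?P<arg>.*))?$"
)


def parse_ftp_line(line):
    """Split one log line into its fields; return None if it does not match."""
    m = FTP_LOG_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    return {"ts": m["ts"], "ip": m["ip"], "cmd": m["cmd"].upper(), "arg": m["arg"] or ""}


def find_oversized_bye(lines, threshold=BYE_ARG_THRESHOLD):
    """Return (client_ip, timestamp, argument_length) for every BYE whose
    argument is longer than `threshold` bytes."""
    hits = []
    for line in lines:
        rec = parse_ftp_line(line)
        if rec and rec["cmd"] == "BYE" and len(rec["arg"]) > threshold:
            hits.append((rec["ip"], rec["ts"], len(rec["arg"])))
    return hits


def sources_with_repeats(hits, min_count=2):
    """Source addresses that sent at least `min_count` oversized BYE commands."""
    counts = Counter(ip for ip, _, _ in hits)
    return sorted(ip for ip, n in counts.items() if n >= min_count)


def correlate_crash(hits, scm_events, service_name="FreeFloatFTPServer"):
    """Pair each oversized-BYE hit with any later Event ID 7034 record for the
    FTP service. `scm_events` is a list of dicts with 'event_id', 'service'
    and 'ts' (ISO timestamps compare correctly as strings)."""
    crashes = [e for e in scm_events
               if e["event_id"] == 7034 and e["service"] == service_name]
    return [(hit, crash) for hit in hits for crash in crashes if crash["ts"] >= hit[1]]


# Constructed sample data: one normal session and one abusive client.
SAMPLE_FTP_LOG = [
    "2025-06-01T10:00:01Z 10.0.0.5 USER alice",
    "2025-06-01T10:00:02Z 10.0.0.5 PASS ********",
    "2025-06-01T10:00:09Z 10.0.0.5 BYE",
    "2025-06-01T10:05:00Z 198.51.100.7 USER anonymous",
    "2025-06-01T10:05:01Z 198.51.100.7 BYE " + "X" * 600,
    "2025-06-01T10:05:02Z 198.51.100.7 BYE " + "X" * 600,
]
SAMPLE_SCM_EVENTS = [
    # 7036 = service entered running/stopped state (benign)
    {"event_id": 7036, "service": "FreeFloatFTPServer", "ts": "2025-06-01T09:00:00Z"},
    # 7034 = service terminated unexpectedly (crash)
    {"event_id": 7034, "service": "FreeFloatFTPServer", "ts": "2025-06-01T10:05:03Z"},
]

if __name__ == "__main__":
    hits = find_oversized_bye(SAMPLE_FTP_LOG)
    for ip, ts, n in hits:
        print(f"{ts} oversized BYE from {ip} ({n} byte argument)")
    print("repeat sources:", sources_with_repeats(hits))
    for hit, crash in correlate_crash(hits, SAMPLE_SCM_EVENTS):
        print(f"BYE from {hit[0]} at {hit[1]} followed by 7034 crash at {crash['ts']}")
```

Feed real command logs into find_oversized_bye() and exported Event Log records into correlate_crash(); a source that appears in sources_with_repeats() and also precedes a 7034 event is the strongest signal the page's indicators describe.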
