CVE-2025-5357

7.3 HIGH

📋 TL;DR

CVE-2025-5357 is a critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's PWD command handler that allows remote attackers to execute arbitrary code or crash the service. This affects all deployments of FreeFloat FTP Server 1.0. The vulnerability is remotely exploitable without authentication.

💻 Affected Systems

Products:
  • FreeFloat FTP Server
Versions: 1.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of FreeFloat FTP Server 1.0 are vulnerable regardless of configuration

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment

🟠

Likely Case

Service disruption through denial of service, potential remote code execution for skilled attackers

🟢

If Mitigated

Limited impact if network segmentation and exploit prevention controls are in place

🌐 Internet-Facing: HIGH - Remote exploitation without authentication makes internet-facing instances extremely vulnerable
🏢 Internal Only: HIGH - Internal instances remain vulnerable to internal attackers or compromised systems

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available, making exploitation straightforward for attackers

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch available. Consider migrating to a supported FTP server solution.

🔧 Temporary Workarounds

Network Segmentation

windows

Block FTP traffic (port 21) at network boundaries to prevent remote exploitation

Example firewall rule for Windows:

netsh advfirewall firewall add rule name="Block FTP" dir=in action=block protocol=TCP localport=21

Service Disablement

windows

Disable FreeFloat FTP Server service to prevent exploitation

sc stop FreeFloatFTPServer
sc config FreeFloatFTPServer start= disabled

🧯 If You Can't Patch

  • Replace FreeFloat FTP Server with a maintained alternative like FileZilla Server, vsftpd, or ProFTPD
  • Implement strict network access controls to limit FTP server exposure to only trusted networks

🔍 How to Verify

Check if Vulnerable:

Check if FreeFloat FTP Server 1.0 is installed and running on the system

Check Version:

Check Windows Services for 'FreeFloat FTP Server' or examine installed programs

Verify Fix Applied:

Verify the service is stopped/disabled or replaced with alternative software

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed PWD commands
  • Unusually large PWD command parameters
  • Service crash events in Windows Event Log

Network Indicators:

  • Excessive FTP traffic to port 21
  • Malformed PWD commands in network captures
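Added example, not part of the advisory: a small Python detector that applies the log indicators above to constructed FTP command-log lines, flagging PWD commands that carry oversized arguments and clients that repeat PWD. The log format, client addresses, service log lines and the 64-byte threshold are assumptions; RFC 959 defines PWD with no argument at all, so a stricter deployment can lower the threshold to 0.

```python
"""Flag anomalous PWD commands in FTP command logs (added example).

Assumed (constructed) log format, one line per received command:
    "<timestamp> <client-ip> <COMMAND> [argument]"
"""
import re
from collections import Counter

# Constructed sample lines, not taken from a real FreeFloat FTP Server log.
SAMPLE_LOG = [
    "2025-06-01T12:00:01 198.51.100.7 USER anonymous",
    "2025-06-01T12:00:02 198.51.100.7 PWD",
    "2025-06-01T12:00:03 198.51.100.7 CWD /pub",
    "2025-06-01T12:00:04 203.0.113.9 USER anonymous",
    "2025-06-01T12:00:05 203.0.113.9 PWD " + "A" * 300,
    "2025-06-01T12:00:06 203.0.113.9 PWD " + "B" * 600,
    "2025-06-01T12:00:07 203.0.113.9 PWD " + "C" * 900,
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<ip>\S+) (?P<cmd>[A-Za-z]+)(?: (?P<arg>.*))?$")


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not fit the format."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["cmd"] = rec["cmd"].upper()   # FTP verbs are case-insensitive
    rec["arg"] = rec["arg"] or ""     # PWD normally has no argument (RFC 959)
    return rec


def find_oversized_pwd(lines, max_arg_len=64):
    """Return (client_ip, argument_length) for each PWD whose argument exceeds max_arg_len bytes."""
    hits = []
    for rec in map(parse_line, lines):
        if rec and rec["cmd"] == "PWD" and len(rec["arg"]) > max_arg_len:
            hits.append((rec["ip"], len(rec["arg"])))
    return hits


def repeated_pwd_sources(lines, threshold=3):
    """Return client IPs that issued at least `threshold` PWD commands ("multiple PWD commands" indicator)."""
    counts = Counter(rec["ip"] for rec in map(parse_line, lines) if rec and rec["cmd"] == "PWD")
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for ip, size in find_oversized_pwd(SAMPLE_LOG):
        print(f"oversized PWD argument ({size} bytes) from {ip}")
    print("clients repeating PWD:", repeated_pwd_sources(SAMPLE_LOG))
```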

SIEM Query:

(EventID=7036 AND ServiceName="FreeFloatFTPServer") OR ProcessName="FreeFloatFTPServer.exe"

Event ID 7036 is the Service Control Manager's service state-change event, so the first clause catches the service entering the stopped state after a crash; the second catches process-level events for the server executable.
