CVE-2025-5547

7.3 HIGH

📋 TL;DR

A high-severity (CVSS 7.3) buffer overflow in the CDUP command handler of FreeFloat FTP Server 1.0 lets a remote, unauthenticated attacker crash the service or execute arbitrary code by sending an oversized CDUP argument over the network. Every deployment of FreeFloat FTP Server 1.0 is affected whenever the FTP service is reachable: CDUP is a standard FTP command, not an optional component, so it cannot be switched off in configuration.

💻 Affected Systems

Products:
  • FreeFloat FTP Server
Versions: 1.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of FreeFloat FTP Server 1.0 are vulnerable when the FTP service is running

📦 What is this software?

FreeFloat FTP Server is a small freeware FTP server for Windows. The project is no longer maintained, so there is no vendor to issue a fix.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment

🟠

Likely Case

Service crash causing denial of service, potentially followed by remote code execution

🟢

If Mitigated

Service disruption with limited lateral movement if properly segmented

🌐 Internet-Facing: HIGH - Remote unauthenticated exploit with public proof-of-concept available
🏢 Internal Only: HIGH - Same exploit works internally, could facilitate lateral movement

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code available, making this easily weaponizable by attackers

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: N/A (no patch exists)

Instructions:

No official patch exists and the project is unmaintained, so there is no fixed version to upgrade to. The only durable fix is to replace FreeFloat FTP Server with a maintained FTP server; until then, stop exposing it (see the workarounds below).

🔧 Temporary Workarounds

Disable FreeFloat FTP Server

windows

Stop and disable the FreeFloat FTP Server service. The service name used below is assumed: check the name the installer actually registered before running these commands, and if FreeFloat is running as a desktop application rather than a Windows service, close it or end the process instead.

sc stop FreeFloatFTPServer
sc config FreeFloatFTPServer start= disabled

Network segmentation

windows

Block the FTP control port (TCP 21) at the network perimeter and between internal segments. The rule below is a host firewall rule on the FTP server itself and cuts off every remote client, which is equivalent to disabling the service for the network; add the matching rule on perimeter and internal firewalls as well. Adjust localport if FreeFloat was configured to listen on a port other than 21.

netsh advfirewall firewall add rule name="Block FTP" dir=in action=block protocol=TCP localport=21

🧯 If You Can't Patch

  • Replace FreeFloat FTP Server with a maintained alternative such as FileZilla Server (Windows) or vsftpd (Linux)
  • Implement strict network segmentation so that the FTP server cannot reach critical systems and only the clients that need FTP can reach it

🔍 How to Verify

Check if Vulnerable:

Confirm that FreeFloat FTP Server 1.0 is installed and that its process is listening on TCP port 21 (or the port it was configured with). Any reachable instance is vulnerable; there is no configuration that removes the CDUP handler.

Check Version:

Check the Program Files directory (or the path the server was installed to) for the FreeFloat FTP Server installation and its version.

Verify Fix Applied:

Confirm that the service or process is stopped and disabled, that nothing on the host is listening on TCP port 21, and that the firewall rule blocking port 21 is in place.
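The following is an added example, not code from the page or from the FreeFloat project, that turns the three checks above into a remote probe: it connects to the FTP port, reads the greeting without sending any command (so it cannot trigger the CDUP overflow), and classifies the host. The banner pattern "FreeFloat Ftp Server (Version 1.00)" is an assumption taken from published write-ups; confirm it against an installation you control. After the workaround is applied the expected result is "not-listening".

```python
import re
import socket

# Greeting FreeFloat FTP Server 1.0 sends on connect, as reported in public
# write-ups. This is an assumption of the example; confirm on a known host.
FREEFLOAT_RE = re.compile(r"FreeFloat\s+Ftp\s+Server\s*\(Version\s+1\.0+\)", re.I)


def grab_banner(host, port=21, timeout=3.0):
    """Return the FTP greeting, '' if the port accepts but stays silent, or
    None if nothing is listening. No FTP command is ever sent, so this is safe
    to run against the vulnerable server."""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    with s:
        s.settimeout(timeout)
        try:
            return s.recv(512).decode("latin-1", "replace")
        except OSError:
            return ""


def classify_banner(banner):
    """Map a greeting to one of: freefloat-1.0, other-ftp, silent, unknown,
    not-listening. Only the first line is inspected."""
    if banner is None:
        return "not-listening"
    if not banner.strip():
        return "silent"
    first = banner.splitlines()[0]
    if FREEFLOAT_RE.search(first):
        return "freefloat-1.0"
    if first.startswith("220"):
        return "other-ftp"
    return "unknown"


def check_host(host, port=21, timeout=3.0):
    """Probe one host and report whether the vulnerable product is exposed."""
    banner = grab_banner(host, port, timeout)
    return {
        "host": host,
        "port": port,
        "status": classify_banner(banner),
        "vulnerable": classify_banner(banner) == "freefloat-1.0",
        "banner": banner.strip() if banner else None,
    }


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 21
    print(check_host(target, port))
```

Run it as `python check_freefloat.py <host> [port]` from a scanning host. A status of "other-ftp" after remediation means the port was handed to a different server, which is fine; "freefloat-1.0" means the workaround did not take effect.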

📡 Detection & Monitoring

Log Indicators:

  • CDUP commands that carry an argument at all (RFC 959 defines CDUP with no parameter), and in particular arguments of 100 bytes or more
  • FTP session logs that stop abruptly right after a CDUP, because the process crashed before it could log anything further
  • Windows Application log Event ID 1000 (Application Error) naming the FreeFloat FTP Server process

Network Indicators:

  • Repeated CDUP commands with long arguments from a single source, typically padded with one repeated byte or containing non-printable data
  • Control-channel sessions that send an oversized CDUP with little or no preceding activity, matching the public proof-of-concept

SIEM Query:

(source="ftp.log" AND command="CDUP" AND length>100) OR (event_id=1000 AND process_name="FreeFloatFTPServer.exe")

The two clauses come from different log sources (the FTP log and the Windows Application log), so they are combined with OR at the top level rather than both being constrained to ftp.log. Field names are illustrative and must be mapped to your own schema, and the process name is assumed; confirm it on an installed host.
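As an added example (not from the page, the SIEM vendor, or the FreeFloat project), the detection logic behind the log and network indicators above, run over constructed FTP control-channel lines in a simple "<timestamp> <client-ip> <command line>" format. It flags any CDUP that carries an argument, grades an argument at or above a tunable threshold (100 bytes, matching the query) as a probable overflow attempt, and reports sources that raise more than one alert. The line format, the threshold, and the sample lines are all assumptions of the example.

```python
import re
from dataclasses import dataclass

# Constructed sample log: "<timestamp> <client-ip> <raw FTP command line>".
# Made up for this example; the last two lines model the oversized CDUP
# argument an overflow trigger would send after a throwaway login.
SAMPLE_LOG = [
    "2025-06-03T10:12:01Z 10.0.0.5 USER anonymous",
    "2025-06-03T10:12:01Z 10.0.0.5 PASS guest@example.com",
    "2025-06-03T10:12:02Z 10.0.0.5 CWD /pub",
    "2025-06-03T10:12:03Z 10.0.0.5 CDUP",
    "2025-06-03T10:12:04Z 10.0.0.5 LIST",
    "2025-06-03T10:15:30Z 203.0.113.7 USER anonymous",
    "2025-06-03T10:15:30Z 203.0.113.7 PASS x",
    "2025-06-03T10:15:31Z 203.0.113.7 CDUP " + "A" * 300,
    "2025-06-03T10:15:31Z 203.0.113.7 CDUP " + "B" * 40,
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<cmd>[A-Za-z]+)(?:\s+(?P<arg>.*))?$"
)


@dataclass
class Alert:
    ts: str
    src: str
    reason: str
    arg_len: int


def inspect_line(line, long_threshold=100):
    """Return an Alert for a CDUP that deviates from RFC 959, else None.

    CDUP takes no parameter, so any argument is a protocol deviation; an
    argument of long_threshold bytes or more is graded as a probable overflow
    attempt. The threshold is an assumption, tune it to your environment."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m or m.group("cmd").upper() != "CDUP":
        return None
    arg = m.group("arg") or ""
    if not arg:
        return None  # bare CDUP: normal directory-up request
    if len(arg) >= long_threshold:
        reason = "oversized CDUP argument (probable overflow attempt)"
    else:
        reason = "CDUP with argument (protocol deviation)"
    return Alert(m.group("ts"), m.group("src"), reason, len(arg))


def scan(lines, long_threshold=100):
    """Run inspect_line over every line and keep the alerts, in order."""
    return [a for a in (inspect_line(ln, long_threshold) for ln in lines) if a]


def sources_over_limit(alerts, max_per_source=1):
    """Sources with more than max_per_source alerts ('excessive CDUP')."""
    counts = {}
    for a in alerts:
        counts[a.src] = counts.get(a.src, 0) + 1
    return sorted(src for src, n in counts.items() if n > max_per_source)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(f"{a.ts} {a.src} {a.reason} (len={a.arg_len})")
    print("noisy sources:", sources_over_limit(found))
```

The same function works on command lines reconstructed from a network sensor, which is how the network indicators would be evaluated; pair its alerts with an Event ID 1000 crash record for the FTP process to confirm that an attempt actually reached the vulnerable handler.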
