CVE-2025-5549

7.3 HIGH

📋 TL;DR

CVE-2025-5549 is a critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's PASV command handler that allows remote attackers to execute arbitrary code or crash the service. This affects all deployments of FreeFloat FTP Server 1.0. The vulnerability is remotely exploitable without authentication.

💻 Affected Systems

Products:
  • FreeFloat FTP Server
Versions: 1.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of FreeFloat FTP Server 1.0 are vulnerable when PASV mode is enabled (default).

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Service disruption through denial of service (crash) or limited code execution in the FTP server context.

🟢 If Mitigated: If properly segmented and monitored, impact is limited to FTP service disruption without lateral movement.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploit with public proof-of-concept available.
🏢 Internal Only: MEDIUM - Still exploitable from internal networks but attack surface is reduced.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available and requires minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch exists. Replace FreeFloat FTP Server 1.0 with a maintained alternative.

🔧 Temporary Workarounds

Disable PASV mode (windows)
  • Configure FreeFloat FTP Server to use only PORT mode instead of PASV mode
  • Edit FreeFloat configuration to disable PASV support

Network segmentation (all)
  • Restrict FTP server access to trusted networks only
  • Configure firewall rules to limit FTP port (21) access

🧯 If You Can't Patch

  • Immediately isolate the FTP server from internet access
  • Implement strict network monitoring for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check if FreeFloat FTP Server 1.0 is installed and running on port 21

Check Version:

Check program files or registry for FreeFloat FTP Server version information

Verify Fix Applied:

Verify FreeFloat FTP Server 1.0 has been removed or replaced with alternative software

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed PASV command attempts
  • Unusual buffer overflow error messages in FTP logs

Network Indicators:

  • Malformed PASV commands with excessive data length
  • Exploit pattern traffic to FTP port 21

SIEM Query:

source="ftp.log" AND "PASV" AND ("buffer" OR "overflow")
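The log and network indicators above can be checked offline against FTP control-channel logs. The following is an added example, not part of this advisory or of FreeFloat's software; it assumes a hypothetical log line format "<timestamp> <client_ip> CMD <verb> [argument]" and uses constructed sample lines. Because PASV takes no argument under RFC 959, any argument on a PASV line is anomalous, and a long one matches the "excessive data length" indicator.

```python
import re
from collections import Counter

# Hypothetical log format assumed here: "<timestamp> <client_ip> CMD <verb> [argument]".
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+CMD\s+(?P<cmd>[A-Za-z]+)(?:\s+(?P<arg>.*))?$"
)

# Constructed sample lines: one normal session, one client sending oversized PASV commands.
SAMPLE_LOG = [
    "2025-06-01T10:00:01 10.0.0.5 CMD USER anonymous",
    "2025-06-01T10:00:02 10.0.0.5 CMD PASS guest@example.com",
    "2025-06-01T10:00:03 10.0.0.5 CMD PASV",
    "2025-06-01T10:00:04 10.0.0.5 CMD LIST",
    "2025-06-01T10:01:10 198.51.100.7 CMD USER anonymous",
    "2025-06-01T10:01:11 198.51.100.7 CMD PASS x",
    "2025-06-01T10:01:12 198.51.100.7 CMD PASV " + "A" * 300,
    "2025-06-01T10:01:13 198.51.100.7 CMD pasv " + "A" * 600,
    "garbage line that does not parse",
]

def parse_line(line):
    """Return ts/src/cmd/arg for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    return {"ts": m["ts"], "src": m["src"], "cmd": m["cmd"].upper(), "arg": m["arg"] or ""}

def find_malformed_pasv(lines, max_arg_len=0):
    """Flag PASV commands carrying an argument longer than max_arg_len (default: any argument)."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["cmd"] == "PASV" and len(rec["arg"]) > max_arg_len:
            findings.append((rec["src"], rec["ts"], len(rec["arg"])))
    return findings

def pasv_counts_by_source(lines):
    """Count PASV commands per client to surface repeated attempts from one source."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["cmd"] == "PASV":
            counts[rec["src"]] += 1
    return dict(counts)

if __name__ == "__main__":
    for src, ts, n in find_malformed_pasv(SAMPLE_LOG):
        print(f"ALERT {ts} {src}: PASV with {n}-byte argument")
    print(pasv_counts_by_source(SAMPLE_LOG))
```

Feed real logs by replacing SAMPLE_LOG with lines read from the FTP server's log file after adjusting LINE_RE to its actual format.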
