CVE-2025-5551

7.3 HIGH

📋 TL;DR

CVE-2025-5551 is a critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's SYSTEM command handler that allows remote attackers to execute arbitrary code. This affects all deployments of FreeFloat FTP Server 1.0. Attackers can exploit this without authentication to potentially gain complete control of affected systems.

💻 Affected Systems

Products:
  • FreeFloat FTP Server
Versions: 1.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of FreeFloat FTP Server 1.0 are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full system compromise, data theft, ransomware deployment, or creation of persistent backdoors.

🟠 Likely Case: Remote code execution resulting in system compromise, data exfiltration, or use as a pivot point in network attacks.

🟢 If Mitigated: Denial of service if the exploit fails or the system crashes before code execution.

🌐 Internet-Facing: HIGH - Remote exploitation without authentication makes internet-facing instances extremely vulnerable.
🏢 Internal Only: HIGH - Even internal instances are vulnerable to network-accessible attacks from compromised internal hosts.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available, making exploitation trivial for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch exists. FreeFloat FTP Server appears to be abandoned software. Migrate to a supported, secure FTP server solution.

🔧 Temporary Workarounds

Disable FreeFloat FTP Server (platform: windows)

Immediately stop and disable the FreeFloat FTP Server service:

  sc stop FreeFloatFTPServer
  sc config FreeFloatFTPServer start= disabled

Network Segmentation (platform: all)

Block FTP ports (21/TCP, 20/TCP) at the network perimeter and on internal firewalls.

🧯 If You Can't Patch

  • Replace FreeFloat FTP Server with a supported alternative like FileZilla Server, vsftpd, or ProFTPD
  • Implement strict network access controls to limit FTP server access to specific IP addresses only

🔍 How to Verify

Check if Vulnerable:

Check if FreeFloat FTP Server 1.0 is installed and running. Look for 'FreeFloat FTP Server' in installed programs or services.

Check Version:

Check the Program Files directory for FreeFloat FTP Server files, or examine the service properties.

Verify Fix Applied:

Verify FreeFloat FTP Server service is stopped and disabled, or confirm replacement with secure alternative is functioning.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SYSTEM command usage in FTP logs
  • Large buffer inputs to FTP commands
  • Service crashes or restarts

Network Indicators:

  • Exploit patterns in FTP traffic
  • Unusual outbound connections from FTP server

SIEM Query:

source="ftp.log" AND ((command="SYSTEM" AND size>1000) OR event="buffer_overflow" OR event="crash")
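An added example, not from the advisory: a small Python checker that applies the log indicators above (oversized SYSTEM arguments, crash events, SYSTEM usage per client) to constructed FTP log lines in an assumed `<timestamp> <client> <COMMAND> [argument]` format; the 1000-byte threshold mirrors the SIEM query.

```python
import re
from collections import Counter

# Threshold matches the advisory's SIEM query (size>1000 bytes).
SIZE_THRESHOLD = 1000

# Assumed log format (constructed for this example, not FreeFloat's own):
#   <ISO timestamp> <client ip or -> <COMMAND> [argument]
LOG_RE = re.compile(r"^(\S+) (\S+) ([A-Z_]+)(?: (.*))?$")


def analyze(lines):
    """Return (findings, system_counts) for a list of FTP log lines.

    findings: list of (timestamp, client, reason) tuples
    system_counts: number of SYSTEM commands seen per client
    """
    findings = []
    system_counts = Counter()
    for line in lines:
        m = LOG_RE.match(line.rstrip("\n"))
        if not m:
            continue
        ts, client, cmd, arg = m.groups()
        arg_bytes = (arg or "").encode()
        if cmd == "SYSTEM":
            system_counts[client] += 1
            # An oversized argument to the vulnerable handler is the
            # direct log indicator for this CVE.
            if len(arg_bytes) > SIZE_THRESHOLD:
                findings.append((ts, client, f"oversized SYSTEM argument ({len(arg_bytes)} bytes)"))
        elif cmd in ("CRASH", "BUFFER_OVERFLOW"):
            # Crash or restart events can indicate a failed exploit attempt.
            findings.append((ts, client, f"service event: {cmd.lower()}"))
    return findings, system_counts


# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    "2025-06-01T10:00:00Z 203.0.113.5 USER anonymous",
    "2025-06-01T10:00:01Z 203.0.113.5 SYSTEM",
    "2025-06-01T10:00:02Z 203.0.113.5 SYSTEM " + "A" * 1200,
    "2025-06-01T10:00:03Z - CRASH service restarted",
    "2025-06-01T10:00:04Z 198.51.100.7 SYSTEM",
]

if __name__ == "__main__":
    found, counts = analyze(SAMPLE_LOG)
    for ts, client, reason in found:
        print(f"{ts} {client}: {reason}")
    print("SYSTEM commands per client:", dict(counts))
```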
