CVE-2025-5593

7.3 HIGH

📋 TL;DR

A critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's HOST command handler allows remote attackers to execute arbitrary code or crash the service. This affects all deployments of FreeFloat FTP Server 1.0. Attackers can exploit this without authentication over the network.

💻 Affected Systems

Products:
  • FreeFloat FTP Server
Versions: 1.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of FreeFloat FTP Server 1.0 are vulnerable. The HOST command is typically enabled by default.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Service crash causing denial of service, potentially followed by remote code execution.

🟢

If Mitigated

Service crash if an exploit attempt fails; availability is still affected.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploit with public proof-of-concept available.
🏢 Internal Only: HIGH - Same exploit works internally, could facilitate lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available, making exploitation trivial for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch exists. Replace FreeFloat FTP Server with a maintained alternative like FileZilla Server, vsftpd, or ProFTPD.

🔧 Temporary Workarounds

Disable FreeFloat FTP Server

Platform: Windows

Stop and disable the FreeFloat FTP Server service immediately.

sc stop FreeFloatFTPServer
sc config FreeFloatFTPServer start= disabled

Block FTP port at firewall

Platform: Windows

Block external access to FTP port (typically TCP 21) at network perimeter.

netsh advfirewall firewall add rule name="Block FTP" dir=in action=block protocol=TCP localport=21

🧯 If You Can't Patch

  • Isolate affected systems in separate network segment with strict firewall rules
  • Implement network-based intrusion prevention to detect and block exploit attempts

🔍 How to Verify

Check if Vulnerable:

Check if FreeFloat FTP Server 1.0 is installed and running on port 21/TCP.

Check Version:

Check installed programs in Control Panel or run:

wmic product get name,version | findstr FreeFloat

Verify Fix Applied:

Verify FreeFloat FTP Server is no longer running and port 21 is closed or blocked.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed HOST command attempts
  • Unusually long HOST command parameters
  • Service crash logs

Network Indicators:

  • Excessive traffic to FTP port 21 with malformed HOST commands
  • Buffer overflow patterns in FTP traffic

SIEM Query:

source="*ftp*" AND (("HOST" AND length>100) OR "buffer overflow" OR "access violation")
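An added detection example, not part of this advisory, that applies the log indicators above to a constructed FTP command log: it flags HOST commands whose argument exceeds the SIEM query's 100-character threshold or contains characters that cannot appear in a hostname, and counts hits per client. The log line format, the field names and the threshold are assumptions.

```python
"""Flag oversized or malformed FTP HOST commands in a command log (added example)."""
import re
from collections import Counter
from dataclasses import dataclass

# Threshold taken from the advisory's SIEM query (length > 100); assumed, tune per site.
HOST_ARG_MAX = 100

# Assumed log format (constructed): "<timestamp> <client_ip> <FTP command> [<argument>]".
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<ip>\S+)\s+(?P<cmd>[A-Za-z]+)(?:\s+(?P<arg>.*))?$")

# A HOST argument is a hostname or a bracketed IPv6 literal; anything else is malformed.
HOST_ARG_OK = re.compile(r"\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+")


@dataclass
class Alert:
    ts: str
    client: str
    arg_len: int
    reason: str


def inspect_line(line: str):
    """Return an Alert for a suspicious HOST command, or None for anything else."""
    m = LOG_LINE.match(line.rstrip("\r\n"))
    if not m or m.group("cmd").upper() != "HOST":
        return None
    arg = m.group("arg") or ""
    reasons = []
    if len(arg) > HOST_ARG_MAX:
        reasons.append(f"argument length {len(arg)} > {HOST_ARG_MAX}")
    if not HOST_ARG_OK.fullmatch(arg):
        reasons.append("argument is not a hostname or IPv6 literal")
    if not reasons:
        return None
    return Alert(m.group("ts"), m.group("ip"), len(arg), "; ".join(reasons))


def scan(lines):
    return [a for a in (inspect_line(l) for l in lines) if a is not None]


def per_client(alerts):
    """Count alerts per client address, to surface repeated attempts from one source."""
    return dict(Counter(a.client for a in alerts))


# Constructed sample log; 198.51.100.7 sends two oversized HOST arguments.
SAMPLE_LOG = [
    "2025-06-03T10:00:01Z 192.0.2.10 USER anonymous",
    "2025-06-03T10:00:02Z 192.0.2.10 HOST ftp.example.com",
    "2025-06-03T10:00:05Z 198.51.100.7 HOST " + "A" * 300,
    "2025-06-03T10:00:06Z 198.51.100.7 HOST " + "A" * 300,
    "2025-06-03T10:00:08Z 203.0.113.9 HOST ftp.example.com:21",
    "2025-06-03T10:00:09Z 203.0.113.5 HOST [2001:db8::1]",
]

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for a in hits:
        print(a)
    print(per_client(hits))
```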
