CVE-2025-5634

7.3 HIGH

📋 TL;DR

A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execute arbitrary code or crash the service by sending specially crafted NOOP commands. This affects all systems running the vulnerable FTP server version. Attackers can exploit this without authentication to potentially gain control of affected systems.

💻 Affected Systems

Products:
  • PCMan FTP Server
Versions: 2.0.7
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is in the NOOP command handler, which is a standard FTP command. All installations of version 2.0.7 are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, ransomware deployment, or creation of persistent backdoors.

🟠 Likely Case: Service crash causing denial of service, with potential for remote code execution by skilled attackers using the public exploit.

🟢 If Mitigated: Service disruption or crash without code execution if exploit attempts are blocked by network controls or security software.

🌐 Internet-Facing: HIGH - Remote exploitation without authentication makes internet-facing instances extremely vulnerable.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this, but requires network access to the FTP service.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available, making this easily weaponizable. The NOOP command is standard FTP functionality, making exploitation straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available. Consider upgrading to a different FTP server solution or implementing workarounds.

🔧 Temporary Workarounds

Block NOOP Commands at Network Level (Linux)

Use network filtering to block or inspect NOOP commands sent to the FTP server:

# Example using iptables to block NOOP commands
iptables -A INPUT -p tcp --dport 21 -m string --string "NOOP" --algo bm -j DROP

Note that the string match is case-sensitive, inspects each packet on its own, and drops any packet containing the literal "NOOP", so legitimate client keepalives are dropped as well. Treat it as a coarse stopgap in front of a server you cannot patch, not as a precise filter.

Disable FTP Service (Windows)

Stop and disable the PCMan FTP Server service (the service name below is the one given in this advisory; confirm the name installed on your host with sc query before running these):

sc stop "PCMan FTP Server"
sc config "PCMan FTP Server" start= disabled

🧯 If You Can't Patch

  • Isolate the FTP server in a restricted network segment with no internet access
  • Implement strict firewall rules to limit FTP access to only trusted IP addresses

🔍 How to Verify

Check if Vulnerable:

Check if PCMan FTP Server version 2.0.7 is installed and running. Look for the service in Windows Services or check installed programs.

Check Version:

Check Windows Programs and Features or run: wmic product where "name like 'PCMan%'" get version

Note that the wmic product class only enumerates software registered with Windows Installer (MSI), so a server installed by a non-MSI setup program will not appear; wmic is also deprecated on current Windows releases, so fall back to Programs and Features or the Uninstall registry keys if the command returns nothing.

Verify Fix Applied:

Verify the service is stopped or uninstalled. Check firewall rules are blocking FTP port 21 or restricting access.

📡 Detection & Monitoring

Log Indicators:

  • Multiple NOOP commands in FTP logs
  • Unusual FTP command sequences
  • Service crash events in system logs

Network Indicators:

  • Unusually large NOOP commands in FTP traffic
  • Multiple connection attempts with NOOP commands
  • Traffic patterns matching known exploit signatures

SIEM Query (illustrative pseudo-query; adapt the field names to your log source and parser):

source="ftp_logs" AND command="NOOP" AND (size>100 OR count>5)
