CVE-2025-5637

7.3 HIGH

📋 TL;DR

CVE-2025-5637 is a high-severity (CVSS 7.3) buffer overflow in the SYSTEM command handler of PCMan FTP Server 2.0.7. A remote attacker who can reach the FTP control port can crash the service without authenticating and may be able to turn the overflow into arbitrary code execution. Anyone running this version is affected, and public exploit code exists.

💻 Affected Systems

Products:
  • PCMan FTP Server
Versions: 2.0.7
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The SYSTEM command handler is a core component; all installations of version 2.0.7 are vulnerable regardless of configuration.

📦 What is this software?

PCMan FTP Server is a small freeware FTP server for Windows. Version 2.0.7 is the build this entry covers; no later release or vendor advisory is known.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, ransomware deployment, or creation of persistent backdoors.

🟠

Likely Case

A service crash (denial of service) is the most likely outcome. Turning the overflow into remote code execution takes more skill, but the public exploit code lowers that bar considerably.

🟢

If Mitigated

If network controls keep untrusted hosts off the FTP control port, exposure is reduced to whatever can still reach it. Any traffic that does reach the server can still crash it or achieve RCE, so the controls lower exposure, not the severity of the bug itself.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploitation makes internet-facing instances extremely vulnerable to attack.
🏢 Internal Only: HIGH - Even internal instances are vulnerable to any attacker with network access to the server.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available, making weaponization trivial for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

1. Check whether the vendor has released a version later than 2.0.7; none is known at the time of writing.
2. If no patch exists, migrate to maintained FTP server software.
3. Uninstall the vulnerable version as soon as the replacement is in place, and immediately if the server is not needed.

🔧 Temporary Workarounds

Network Access Control

windows

Block inbound access to the FTP control port (TCP 21 by default; use the port the server is actually configured to listen on) with a host or network firewall. The rule below blocks every inbound connection on that port, including legitimate clients; if some clients must keep access, add a remoteip= scope to the block rule or create a higher-priority allow rule for those addresses first.

Windows Firewall: netsh advfirewall firewall add rule name="Block FTP" dir=in action=block protocol=TCP localport=21

Disable FTP Service

windows

Stop and disable PCMan FTP Server so nothing is listening on the control port. The service name below is illustrative; confirm it with sc query. PCMan FTP Server is commonly run as an interactive desktop program rather than a Windows service, in which case close the program (or end its process from Task Manager or taskkill) and remove it from any startup entries.

sc stop "PCMan FTP Server"
sc config "PCMan FTP Server" start= disabled

🧯 If You Can't Patch

  • Isolate the vulnerable server in a restricted network segment with no internet access
  • Implement strict network monitoring and IDS/IPS rules to detect exploit attempts

🔍 How to Verify

Check if Vulnerable:

Check installed version via Windows Programs and Features or by examining the server executable properties. Version 2.0.7 is vulnerable.

Check Version:

wmic product where "name like 'PCMan FTP Server%'" get version

wmic is deprecated and absent on recent Windows builds, and wmic product only lists MSI-installed software, so an empty result does not prove the server is absent. Fall back to the uninstall keys under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the WOW6432Node branch on 64-bit systems), or read the file version from the server executable's Details tab.

Verify Fix Applied:

Verify PCMan FTP Server is uninstalled or upgraded to a non-vulnerable version. Confirm service is stopped and ports are closed.
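The host-side checks above tell you whether one machine has the vulnerable build; to find forgotten FTP listeners across a network you can probe banners instead. The script below is an added example for this entry, not code from the original page or from the PCMan project. It reads only the 220 greeting and then sends QUIT, so it never touches the SYSTEM handler and cannot trigger the overflow. The greeting text in the offline demo is constructed (the real wording should be confirmed against a known 2.0.7 install), and a banner match is only a lead to verify on the host, since banners can be edited or spoofed.

```python
"""
Banner-based inventory probe for PCMan FTP Server listeners.

Added example for this advisory; not code from the original page or the
PCMan project. Reads the FTP greeting, sends QUIT, and never sends SYSTEM
or SYST, so the probe itself cannot crash a vulnerable server.
"""
import socket
import sys
import threading


def grab_ftp_banner(host, port=21, timeout=5.0):
    """Return the first line of the server greeting, or None if the
    connection fails or times out."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            data = b""
            while b"\n" not in data and len(data) < 1024:
                chunk = s.recv(256)
                if not chunk:
                    break
                data += chunk
            try:
                s.sendall(b"QUIT\r\n")  # close cleanly; no other command is sent
            except OSError:
                pass
    except OSError:
        return None
    return data.decode("latin-1", "replace").split("\n")[0].strip()


def looks_like_pcman(banner):
    """Loose match on the product name only; the version string in the
    banner (assumed, not confirmed here) may not carry the patch level."""
    return banner is not None and "pcman" in banner.lower()


def probe(host, port=21, timeout=5.0):
    """Probe one host:port and return a result record."""
    banner = grab_ftp_banner(host, port, timeout)
    return {"host": host, "port": port, "banner": banner,
            "pcman": looks_like_pcman(banner)}


def start_fake_ftp_server(banner_line, host="127.0.0.1"):
    """Constructed stand-in server for offline runs: sends one greeting,
    reads one command, closes. Returns the port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner_line)
            try:
                conn.recv(64)
            except OSError:
                pass
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    if len(sys.argv) >= 2:
        # Real use: python probe.py HOST [PORT]
        host = sys.argv[1]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 21
    else:
        # Offline demo against a constructed banner (assumed wording).
        host = "127.0.0.1"
        port = start_fake_ftp_server(b"220 PCMan's FTP Server 2.0 Ready.\r\n")
    print(probe(host, port))
```

Run it with a host (and optional port) to probe a real listener; with no arguments it probes its own constructed stand-in server. Feed the result list into your asset inventory and confirm every hit on the host with the version checks above.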

📡 Detection & Monitoring

Log Indicators:

  • A SYSTEM (or SYST) command that carries an argument, especially one hundreds or thousands of bytes long; RFC 959 SYST takes no argument, so any argument is anomalous
  • Connections that send SYSTEM immediately after connecting, with or without a login, since the bug needs no authentication
  • Server crash entries: Windows Application log Event ID 1000 (Application Error) naming the server executable, or the listener silently disappearing

Network Indicators:

  • Control-channel traffic to the FTP port whose SYSTEM command line is abnormally long or contains non-printable bytes (padding, NOP sleds, shellcode)
  • IDS/IPS alerts on an overlong SYSTEM argument, e.g. a content match on "SYSTEM " followed by a length threshold on the rest of the line

SIEM Query (pseudo-query; field names are illustrative, map them to your log source):

source="ftp_server.log" AND command IN ("SYSTEM", "SYST") AND argument_length > 64

No FTP log records a "buffer_overflow" event. The overflow shows up as an overlong SYSTEM argument followed, whether the attempt succeeds or fails, by the server process crashing or going silent, so pair the query with the crash events listed above.
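The indicators above reduce to one rule: a SYSTEM/SYST command should never carry an argument, and a long one is an exploit attempt. The script below is an added example for this entry, not code from the original page or the PCMan project. It assumes a constructed log format of "<timestamp> <client-ip> <raw FTP command line>", one command per line (adapt parse_line() to what your server or capture tool actually writes), and a tunable length threshold that is a detection choice, not a value taken from the advisory.

```python
"""
Flag overlong SYSTEM arguments in FTP control-channel logs (CVE-2025-5637).

Added example for this advisory; not code from the original page or the
PCMan project. Log format and sample lines are constructed.
"""
import re
from collections import Counter

# Constructed sample log (not captured from a real server). The long line
# imitates what an exploit attempt looks like on the wire: a SYSTEM command
# with a multi-kilobyte argument sent without logging in.
SAMPLE_LOG = [
    "2025-06-05T10:21:03Z 203.0.113.7 USER anonymous",
    "2025-06-05T10:21:03Z 203.0.113.7 PASS guest@example.org",
    "2025-06-05T10:21:04Z 203.0.113.7 SYST",
    "2025-06-05T10:21:05Z 203.0.113.7 PWD",
    "2025-06-05T10:22:10Z 198.51.100.9 SYSTEM " + "A" * 2008,
    "2025-06-05T10:22:11Z 198.51.100.9 QUIT",
    "2025-06-05T10:23:40Z 192.0.2.33 SYSTEM x",
]

# Assumed format: "<timestamp> <client-ip> <COMMAND> [argument...]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<cmd>[A-Za-z]+)(?:\s+(?P<arg>.*))?$"
)

# The advisory names the handler "SYSTEM"; RFC 959 spells the command SYST
# and gives it no argument, so both spellings are matched and any argument
# at all is treated as anomalous.
SYSTEM_CMDS = {"SYST", "SYSTEM"}


def parse_line(line):
    """Return {"ts", "src", "cmd", "arg"} for one log line, or None if the
    line does not match the assumed format."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    return {
        "ts": m["ts"],
        "src": m["src"],
        "cmd": m["cmd"].upper(),
        "arg": m["arg"] or "",
    }


def classify(entry, overflow_len=256):
    """Severity for one parsed command: None (benign), "suspicious" (SYSTEM
    with a short argument) or "overflow_attempt" (argument >= overflow_len).
    overflow_len is a tuning knob; real exploit payloads for this class of
    bug are thousands of bytes, so 256 leaves headroom for odd clients."""
    if entry["cmd"] not in SYSTEM_CMDS:
        return None
    arg_len = len(entry["arg"])
    if arg_len == 0:
        return None
    return "overflow_attempt" if arg_len >= overflow_len else "suspicious"


def scan_ftp_log(lines, overflow_len=256):
    """Scan an iterable of log lines and return one finding per hit,
    in log order."""
    findings = []
    for raw in lines:
        entry = parse_line(raw)
        if entry is None:
            continue  # unparseable line; count these if your source is noisy
        severity = classify(entry, overflow_len)
        if severity is None:
            continue
        findings.append({
            "ts": entry["ts"],
            "src": entry["src"],
            "cmd": entry["cmd"],
            "arg_len": len(entry["arg"]),
            "severity": severity,
        })
    return findings


def hits_by_source(findings):
    """Count findings per client address, the unit you block or escalate on."""
    return Counter(f["src"] for f in findings)


if __name__ == "__main__":
    results = scan_ftp_log(SAMPLE_LOG)
    for f in results:
        print(f"{f['ts']} {f['src']} {f['cmd']} arg_len={f['arg_len']} {f['severity']}")
    print("per-source:", dict(hits_by_source(results)))
```

On the constructed sample this reports the 2008-byte SYSTEM from 198.51.100.9 as an overflow attempt and the one-byte SYSTEM from 192.0.2.33 as suspicious, while the legitimate SYST with no argument is ignored. The same rule can be expressed in a SIEM or IDS as "command is SYSTEM/SYST and argument length exceeds N".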

🔗 References
