CVE-2025-5665

7.3 HIGH

📋 TL;DR

CVE-2025-5665 is a critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's XCWD command handler that allows remote attackers to execute arbitrary code or crash the service. This affects all deployments of FreeFloat FTP Server 1.0. The vulnerability is remotely exploitable without authentication.

💻 Affected Systems

Products:
  • FreeFloat FTP Server
Versions: 1.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of FreeFloat FTP Server 1.0 are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Service disruption through denial of service or limited code execution in constrained environments.

🟢 If Mitigated: Service crash with no further impact if proper network segmentation and least privilege are implemented.

🌐 Internet-Facing: HIGH - Remote exploitation without authentication makes internet-facing instances extremely vulnerable.
🏢 Internal Only: HIGH - Internal instances remain vulnerable to internal attackers or lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch exists. Consider migrating to a maintained FTP server solution.

🔧 Temporary Workarounds

Network Access Control (Windows)

Restrict access to FreeFloat FTP Server using firewall rules to only trusted IP addresses.

# Windows Firewall (PowerShell, run as Administrator). Block rules take precedence over allow rules, so the restriction is
# expressed as an allow rule scoped to trusted sources (10.0.0.0/24 is a placeholder for your range); everything else is
# dropped provided the profile's default inbound action is Block and no broader allow rule exists for the FTP executable.
New-NetFirewallRule -DisplayName "Allow FreeFloat FTP from trusted hosts" -Direction Inbound -Protocol TCP -LocalPort 21 -RemoteAddress 10.0.0.0/24 -Action Allow
# To cut off 21/TCP from every source instead:
New-NetFirewallRule -DisplayName "Block FreeFloat FTP" -Direction Inbound -Protocol TCP -LocalPort 21 -Action Block

Service Disablement (Windows)

Disable or uninstall FreeFloat FTP Server if not required.

# Run from an elevated PowerShell prompt. Use sc.exe explicitly: in PowerShell, "sc" alone is an alias for Set-Content.
# The service name FreeFloatFTP is assumed; confirm it first (FreeFloat may also run as a plain user application rather than a service).
sc.exe query type= service state= all | findstr /i freefloat
sc.exe stop FreeFloatFTP
sc.exe config FreeFloatFTP start= disabled

🧯 If You Can't Patch

  • Isolate the vulnerable server in a dedicated network segment with strict firewall rules.
  • Implement application allowlisting to prevent execution of unauthorized code.

🔍 How to Verify

Check if Vulnerable:

Check if FreeFloat FTP Server 1.0 is installed and running on port 21/TCP.

Check Version:

Check program files directory for FreeFloat FTP Server files and version information.

Verify Fix Applied:

Verify the service is stopped/removed or network access is properly restricted.
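The three checks above (installed, listening on 21/TCP, fix applied) as one PowerShell script. This is an added example, not tooling from the advisory or from the FreeFloat project; it assumes the install directory or product name contains "FreeFloat" and that the server uses the default port 21, and it must be run in an elevated session on the host being checked.

```powershell
# Added example: verify FreeFloat FTP Server exposure on a Windows host.
# Assumptions: file paths or ProductName contain "FreeFloat"; the listener is on the default 21/TCP.

function Get-Port21Listener {
    # Map every 21/TCP listener to its owning process and executable path
    Get-NetTCPConnection -LocalPort 21 -State Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                ProcessId    = $_.OwningProcess
                ProcessName  = $proc.ProcessName
                Path         = $proc.Path
            }
        }
}

function Get-FreeFloatInstall {
    # Search the usual program directories for FreeFloat executables and report their file versions
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    Get-ChildItem -Path $roots -Recurse -Filter '*.exe' -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -match 'FreeFloat' -or $_.VersionInfo.ProductName -match 'FreeFloat' } |
        Select-Object FullName,
                      @{ n = 'FileVersion'; e = { $_.VersionInfo.FileVersion } },
                      @{ n = 'ProductName'; e = { $_.VersionInfo.ProductName } }
}

function Get-Port21FirewallRule {
    # Enabled inbound rules whose port filter covers 21/TCP, with action and remote-address scope
    Get-NetFirewallPortFilter -Protocol TCP -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -eq 21 } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
        ForEach-Object {
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Name          = $_.DisplayName
                Action        = $_.Action
                RemoteAddress = ($addr.RemoteAddress -join ',')
            }
        }
}

$installs  = Get-FreeFloatInstall
$listeners = Get-Port21Listener
$rules     = Get-Port21FirewallRule

if ($installs)  { "FreeFloat files found:"; $installs | Format-Table -AutoSize }
else            { "No FreeFloat FTP Server files found under Program Files." }

if ($listeners) { "Processes listening on 21/TCP:"; $listeners | Format-Table -AutoSize }
else            { "Nothing is listening on 21/TCP." }

if ($rules)     { "Inbound firewall rules covering 21/TCP:"; $rules | Format-Table -AutoSize }
else            { "No explicit inbound firewall rule covers 21/TCP; the profile default applies." }

# Verdict: a FreeFloat executable that is also the 21/TCP listener means the host is still exposed
# unless the rules above allow the port only from trusted addresses (RemoteAddress not 'Any').
$exposed = $listeners | Where-Object { $_.Path -and $_.Path -match 'FreeFloat' }
if ($exposed) { "VULNERABLE: FreeFloat FTP Server is installed and listening on 21/TCP." }
```

An Allow rule whose RemoteAddress is "Any", or a Block rule that is disabled, means the workaround is not actually in effect even though a rule exists.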

📡 Detection & Monitoring

Log Indicators:

  • Unusual XCWD command patterns
  • Service crash logs
  • Buffer overflow error messages

Network Indicators:

  • Excessive or malformed XCWD commands to port 21
  • Traffic patterns matching known exploit

SIEM Query:

source="FreeFloat FTP Server" AND (event="XCWD" OR event="buffer overflow" OR event="crash")
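The log indicators above can be checked mechanically. This added PowerShell example is not from the advisory and does not rely on FreeFloat's own logging (which the page does not describe): it assumes a command log or network-sensor export with one line per command, laid out as `timestamp client-ip COMMAND argument`, and flags XCWD commands whose argument is far longer than any real directory name, or a burst of XCWD commands from one source. The sample lines and the 200-character threshold are constructed for the demonstration.

```powershell
# Added example: flag oversized or bursty XCWD commands in an FTP command log.
# Assumed line layout (constructed, not FreeFloat's format): "<timestamp> <client-ip> <COMMAND> <argument>"

function Find-SuspiciousXcwd {
    param(
        [string[]] $Lines,
        [int] $MaxArgLength   = 200,  # legitimate directory names are far shorter than this
        [int] $BurstThreshold = 5     # many XCWD commands from one source also warrants a look
    )
    $pattern = '^(?<time>\S+)\s+(?<ip>\d{1,3}(?:\.\d{1,3}){3})\s+XCWD\s*(?<arg>.*)$'

    # One record per XCWD command seen
    $hits = foreach ($line in $Lines) {
        if ($line -match $pattern) {
            [pscustomobject]@{
                Time      = $Matches.time
                SourceIp  = $Matches.ip
                ArgLength = $Matches.arg.Length
                Oversized = ($Matches.arg.Length -gt $MaxArgLength)
            }
        }
    }

    # Per-source summary; keep only sources with an oversized argument or a burst
    $hits | Group-Object SourceIp | ForEach-Object {
        [pscustomobject]@{
            SourceIp  = $_.Name
            XcwdCount = $_.Count
            MaxArgLen = ($_.Group | Measure-Object ArgLength -Maximum).Maximum
            Oversized = [bool]($_.Group | Where-Object Oversized)
            Burst     = ($_.Count -ge $BurstThreshold)
        }
    } | Where-Object { $_.Oversized -or $_.Burst }
}

# Constructed sample log lines: one benign session and one with an abnormally long XCWD argument
$sample = @(
    '2025-06-01T10:00:01Z 10.0.0.5 USER anonymous',
    '2025-06-01T10:00:02Z 10.0.0.5 XCWD /pub/docs',
    '2025-06-01T10:00:03Z 10.0.0.5 CWD /pub',
    '2025-06-01T10:05:10Z 198.51.100.7 USER anonymous',
    ('2025-06-01T10:05:11Z 198.51.100.7 XCWD ' + ('A' * 600))
)

# Reports 198.51.100.7 (Oversized = True); 10.0.0.5 is not listed
Find-SuspiciousXcwd -Lines $sample | Format-Table -AutoSize
```

Feed real data with `Get-Content` on the exported log in place of `$sample`; the thresholds are parameters so they can be tuned to the paths actually in use on the server.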
