CVE-2025-5667

7.3 HIGH

📋 TL;DR

CVE-2025-5667 is a critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's REIN command handler that allows remote attackers to execute arbitrary code or crash the service. This affects all deployments of FreeFloat FTP Server 1.0 with the vulnerable component enabled. Attackers can exploit this without authentication over the network.

💻 Affected Systems

Products:
  • FreeFloat FTP Server
Versions: 1.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of FreeFloat FTP Server 1.0 are vulnerable if the FTP service is running.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, and persistent backdoor installation.

🟠 Likely Case

Service disruption through denial of service and potential remote code execution for initial foothold.

🟢 If Mitigated

Limited to service disruption if proper network segmentation and exploit prevention controls are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch exists. Consider migrating to a maintained FTP server solution.

🔧 Temporary Workarounds

Disable FreeFloat FTP Server (windows)

Stop and disable the FreeFloat FTP Server service to prevent exploitation.

sc stop FreeFloatFTPServer
sc config FreeFloatFTPServer start= disabled

Block FTP Port at Firewall (windows)

Block external access to the FTP port (default TCP/21) to prevent remote exploitation.

netsh advfirewall firewall add rule name="Block FTP" dir=in action=block protocol=TCP localport=21

🧯 If You Can't Patch

  • Replace FreeFloat FTP Server with a maintained alternative like FileZilla Server or vsftpd.
  • Implement strict network segmentation to isolate FTP server from critical systems.

🔍 How to Verify

Check if Vulnerable:

Check if FreeFloat FTP Server 1.0 is installed and running on the system.

Check Version:

Check program files directory for FreeFloat FTP Server installation and version information.

Verify Fix Applied:

Verify the service is stopped/disabled and port 21 is not listening.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed REIN command attempts
  • Abnormal FTP service crashes
  • Buffer overflow error messages in application logs

Network Indicators:

  • Unusual traffic patterns to FTP port 21
  • Exploit-specific payloads in network captures

SIEM Query:

source="ftp.log" AND (REIN OR "buffer overflow")
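As an added example (not part of the original page), the log indicators above turned into a small Python check over constructed FTP log lines: it flags REIN commands that carry an argument (RFC 959 defines REIN with no parameter, so an argument on that command is anomalous) and sources that repeat REIN. The log line format, the source addresses and the function name are assumptions; real FreeFloat logs may differ.

```python
import re
from collections import Counter

# Constructed sample log (format is an assumption, not FreeFloat's real format).
# The 198.51.100.7 session sends REIN three times with a 600-byte argument.
SAMPLE_LOG = """\
2025-06-05 10:00:01 [203.0.113.5] > USER anonymous
2025-06-05 10:00:01 [203.0.113.5] > PASS guest@example.com
2025-06-05 10:00:02 [203.0.113.5] > REIN
2025-06-05 10:00:02 [203.0.113.5] > LIST
2025-06-05 10:01:10 [198.51.100.7] > USER anonymous
2025-06-05 10:01:11 [198.51.100.7] > REIN {0}
2025-06-05 10:01:12 [198.51.100.7] > REIN {0}
2025-06-05 10:01:13 [198.51.100.7] > REIN {0}
2025-06-05 10:01:14 server: exception, service restarting
""".format("A" * 600)

# timestamp, time, [source], "> ", 3-4 letter FTP verb, optional argument
LINE_RE = re.compile(
    r"^\S+ \S+ \[(?P<src>[^\]]+)\] > (?P<cmd>[A-Za-z]{3,4})(?: (?P<arg>.*))?$"
)


def analyze_ftp_log(text, max_arg_len=0, repeat_threshold=3):
    """Return (with_argument, repeated).

    with_argument: list of (source, argument_length) for REIN lines whose
                   argument is longer than max_arg_len (REIN takes none).
    repeated:      dict source -> REIN count for sources at or above
                   repeat_threshold, i.e. "multiple REIN attempts".
    """
    with_argument = []
    rein_per_src = Counter()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("cmd").upper() != "REIN":
            continue
        src = m.group("src")
        arg = (m.group("arg") or "").strip()
        rein_per_src[src] += 1
        if len(arg) > max_arg_len:
            with_argument.append((src, len(arg)))
    repeated = {s: n for s, n in rein_per_src.items() if n >= repeat_threshold}
    return with_argument, repeated


if __name__ == "__main__":
    print(analyze_ftp_log(SAMPLE_LOG))
```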
