CVE-2025-5112
Buffer overflow vulnerability in FreeFloat FTP Server 1.0
Overview
This vulnerability, classified as critical, has been identified in FreeFloat FTP Server 1.0. It affects an unknown part of the MGET Command Handler and leads to a buffer overflow that could be exploited remotely. The exploit has been publicly disclosed.
Technical Details
The issue arises from improper handling of the MGET command, which results in a buffer overflow condition. It can be exploited by an attacker using a network connection without requiring any particular privileges or user interaction.
CVSS Metrics
- Base Score: 7.3 (HIGH as per CVSS v3.1)
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Confidentiality Impact: LOW
- Integrity Impact: LOW
- Availability Impact: LOW
Impact
The vulnerability allows an attacker to cause a buffer overflow condition which can potentially lead to the execution of arbitrary code, data corruption or system crash.
Recommendations
To mitigate this vulnerability, it is advisable to apply patches and updates provided by the vendor. Configure the protection settings of the MGET handler to prevent buffer overflow.
Threat Metrics
- "cvss_score": 7.3
- "severity": "HIGH"
- "attack_vector": "NETWORK"
- "attack_complexity": "LOW"