CVE-2025-5634
BaseFortify
Publication date: 2025-06-05
Last updated on: 2025-06-24
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pcman | ftp_server | 2.0.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5634 is a critical buffer overflow vulnerability in PCMan FTP Server version 2.0.7, specifically in the NOOP Command Handler. The vulnerability occurs because the server copies an input buffer to an output buffer without checking if the input size fits, leading to a buffer overflow. This can be exploited remotely without authentication by sending a specially crafted NOOP command, allowing attackers to execute arbitrary code on the server, such as opening a reverse shell. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing remote attackers to execute arbitrary code on the affected PCMan FTP Server without authentication. This can lead to compromise of confidentiality, integrity, and availability of the system. Attackers can gain remote shell access with the privileges of the FTP server process, potentially taking full control of the affected machine, disrupting services, stealing data, or launching further attacks. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to send a crafted NOOP command with an excessively long payload to the PCMan FTP Server 2.0.7 on port 21 and observing if the server crashes or behaves abnormally, indicating a buffer overflow. Detection can also involve monitoring for unusual FTP NOOP command traffic with large payloads. Specific commands include using tools like netcat or custom scripts to send a NOOP command with a large buffer (e.g., 2006 'A' characters followed by test data) to the FTP server. For example, using netcat: `echo -e "NOOP $(python -c 'print("A"*2006)')" | nc <target_ip> 21` to test for vulnerability. Additionally, using Metasploit's pattern_create and pattern_offset tools can help identify the exact offset if debugging is possible. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing or upgrading the affected PCMan FTP Server 2.0.7 software with a secure alternative, as no known patches or countermeasures currently exist. Restricting access to the FTP server from untrusted networks and implementing network-level protections such as firewalls or intrusion prevention systems to block malicious NOOP commands can reduce exposure. Monitoring network traffic for exploit attempts and disabling or limiting the use of the NOOP command if possible are also recommended. Since the exploit is publicly available and remotely executable without authentication, urgent action to remove or isolate the vulnerable server is advised. [1]