CVE-2025-34107
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-07-15
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| winaxe | ftp_client | 7.7 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a remote buffer overflow in the WinaXe FTP Client version 7.7, specifically in the FTP banner parsing functionality (WCMDPA10.dll). When the client connects to a remote FTP server, it expects a '220 Server Ready' response. If the server sends an excessively long response, it overflows a stack buffer in the client, allowing an attacker to execute arbitrary code with the user's privileges. The exploit involves sending a crafted payload in the 220 response that overwrites the return address and redirects execution to attacker-controlled shellcode. [1, 2, 3, 4]
How can this vulnerability impact me?
This vulnerability can allow a remote attacker to execute arbitrary code on your machine running the WinaXe FTP Client 7.7 by exploiting the buffer overflow during the FTP connection handshake. This could lead to unauthorized actions such as running malicious programs, compromising system integrity, stealing data, or disrupting availability. Since the code executes with the user's privileges, the impact depends on the user's permissions but can be severe, including full system compromise if the user has high privileges. [1, 2, 3, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring FTP client connections for unusually long or malformed '220 Server Ready' responses from FTP servers, which trigger the buffer overflow. A practical detection method is to simulate or observe connections to FTP servers and check for abnormal response lengths or crashes in the WinaXe FTP Client version 7.7. Additionally, using the Metasploit module (EDB-40767) designed to exploit this vulnerability can help verify if the client is vulnerable by safely testing the response behavior. There are no specific commands provided in the resources, but setting up a controlled malicious FTP server using the provided proof-of-concept Python script or the Metasploit module can help detect the vulnerability by observing client reactions. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of WinaXe FTP Client version 7.7 until a patch or update is available. Restrict FTP client connections to trusted servers only, and consider using alternative FTP clients that are not vulnerable. Network-level controls such as firewall rules to block connections to untrusted or unknown FTP servers can reduce exposure. Monitoring and blocking suspicious FTP server responses that contain overly long '220 Server Ready' messages can also help. Since the vulnerability requires user interaction (connecting to a malicious FTP server), educating users to avoid connecting to untrusted FTP servers is important. [1, 2]
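The monitoring idea in the detection and mitigation answers above, as an added example that is not part of the original page or of any vendor tooling: a Python check over the reassembled server-to-client bytes of an FTP control connection that flags an over-long, unterminated or non-printable 220 greeting. The 512-byte threshold, the function name and the sample greetings are assumptions constructed for illustration.

```python
import re

MAX_LINE = 512  # assumed policy threshold; the advisory states no buffer size
REPLY = re.compile(rb"(\d{3})([ -])")  # RFC 959 reply prefix: code + ' ' or '-'

def inspect_greeting(data: bytes, max_line: int = MAX_LINE) -> list:
    """Check the first server reply on an FTP control channel; return findings."""
    findings, code, pos, lineno = [], None, 0, 0
    while pos < len(data):
        end = data.find(b"\r\n", pos)
        line = data[pos:] if end < 0 else data[pos:end]
        lineno += 1
        if len(line) > max_line:
            findings.append(f"line {lineno}: {len(line)} bytes exceeds {max_line}")
        # Bytes outside printable ASCII; UTF-8 banners also trip this, tune as needed.
        if any(b < 0x20 and b != 0x09 or b > 0x7E for b in line):
            findings.append(f"line {lineno}: non-printable bytes in reply text")
        if end < 0:
            findings.append(f"line {lineno}: no CRLF terminator")
            break
        m = REPLY.match(line)
        if code is None:
            if not m:
                findings.append("line 1: missing 3-digit reply code")
                break
            code = m.group(1)
        # A multi-line reply ends at the line that repeats the code followed by a space.
        if m and m.group(1) == code and m.group(2) == b" ":
            break
        pos = end + 2
    else:
        findings.append("greeting incomplete: no final reply line seen")
    return findings

# Constructed sample greetings (not captured traffic).
SAMPLES = {
    "benign": b"220 Server Ready\r\n",
    "multiline": b"220-Welcome\r\n220-Mirror site\r\n220 Ready\r\n",
    "oversized": b"220 " + b"A" * 3000 + b"\r\n",
    "unterminated": b"220 " + b"B" * 600,
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, inspect_greeting(payload) or "ok")
```

An empty list means the greeting passed every check; any finding is a reason to drop the connection at a proxy or raise an alert before the reply reaches the client.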