CVE-2025-34110
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-07-15
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| coloradoftp | coloradoftp_server | 1.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-552 | The product makes files or directories accessible to unauthorized actors, even though they should not be. |
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a directory traversal flaw in ColoradoFTP Server version 1.3 Build 8 for Windows. It allows unauthenticated attackers to manipulate FTP commands (GET and PUT) by including specially crafted file paths with traversal sequences (like '\..\') to access files and directories outside the intended FTP root directory. This means attackers can read, write, upload, or download arbitrary files on the server, potentially accessing sensitive system files. [1, 2]
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to significant impacts including unauthorized reading, writing, uploading, or deletion of files on the affected FTP server. Attackers can compromise system integrity by placing malicious files (e.g., executables) in critical system directories or accessing sensitive data outside the FTP root. This can result in system compromise, data breaches, or disruption of services. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the FTP server banner matches "Welcome to ColoradoFTP - the open source FTP server (www.coldcore.com)" and by attempting to exploit the directory traversal flaw using FTP commands with specially crafted file paths containing traversal sequences such as '\..\..\'. For example, using an FTP client or automated tools, you can try the RETR (GET) command with a path like '\..\..\Windows\system32\drivers\etc\hosts' to see if files outside the FTP root directory can be accessed. Additionally, using the Metasploit auxiliary module for ColoradoFTP traversal (Resource 2) can automate detection by sending crafted FTP commands and checking for successful file retrieval. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading ColoradoFTP Server to Prime Edition Build 9 or later, where the vulnerability is fixed. Until the update can be applied, restrict access to the FTP server to trusted users only, disable anonymous or unauthenticated FTP access, and monitor FTP logs for suspicious commands containing directory traversal sequences (e.g., '\..\'). Applying network-level controls such as firewall rules to limit FTP access and using intrusion detection systems to detect exploitation attempts can also help reduce risk. [1]