CVE-2019-25614
Buffer Overflow in Free Float FTP STOR Command Enables RCE
Publication date: 2026-03-22
Last updated on: 2026-03-23
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| freefloat | freefloat_ftp_server | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25614 is a critical remote buffer overflow vulnerability in Free Float FTP Server version 1.0. It occurs in the handling of the FTP STOR command, where an attacker can send a specially crafted request with an oversized payload that overflows a buffer.
This overflow allows remote attackers to execute arbitrary code on the FTP server without needing prior authentication, as anonymous login is permitted. The exploit payload consists of 247 bytes of padding, followed by a return address overwrite and shellcode that triggers code execution.
In practice, an attacker connects to the FTP server, logs in anonymously, and sends the malicious STOR command with the crafted payload, which leads to remote code execution and potentially full control over the server.
How can this vulnerability impact me? :
This vulnerability can have severe impacts as it allows remote attackers to execute arbitrary code on the affected FTP server without authentication.
- Attackers can gain unauthorized control over the server.
- They can run malicious code, potentially leading to data theft, server compromise, or use of the server as a foothold for further attacks.
- Because the exploit requires no privileges or user interaction, it is highly dangerous and can be exploited remotely over the network.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring FTP traffic for anomalous STOR commands containing unusually large payloads, specifically those with 247 bytes of padding followed by suspicious return addresses and shellcode.'}, {'type': 'paragraph', 'content': 'A practical detection method involves capturing network traffic on port 21 (FTP) and inspecting STOR commands for oversized payloads.'}, {'type': 'paragraph', 'content': 'For example, using tcpdump or Wireshark to filter FTP STOR commands and analyze payload sizes can help identify potential exploit attempts.'}, {'type': 'list_item', 'content': 'tcpdump -i <interface> -A port 21 | grep STOR'}, {'type': 'list_item', 'content': 'Use Wireshark to filter with \'ftp.request.command == "STOR"\' and inspect the payload length for abnormal size (around or exceeding 247 bytes).'}, {'type': 'paragraph', 'content': 'Additionally, checking FTP server logs for anonymous login attempts followed by STOR commands with large payloads can indicate exploitation attempts.'}] [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting anonymous FTP access to prevent unauthorized users from exploiting the vulnerability.
If possible, disable the vulnerable Free Float FTP server or replace it with a patched or alternative FTP server version that is not affected by this buffer overflow.
Implement network-level controls such as firewall rules to block or limit access to the FTP server on port 21 from untrusted networks.
Monitor FTP traffic closely for suspicious STOR commands with large payloads and respond to any detected exploit attempts.