CVE-2019-25654
Buffer Overflow in Core FTP/SFTP Server Causes Denial of Service

Publication date: 2026-03-30

Last updated on: 2026-04-08

Assigner: VulnCheck

Description
Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Attackers can paste a malicious payload containing 7000 bytes of data into the domain configuration to trigger an application crash and deny service.
Meta Information
Generated: 2026-06-16
AI Q&A: 2026-03-30
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: coreftp
Product: core_ftp
Version / Range: 1.2
CWE
CWE-787: The product writes data past the end, or before the beginning, of the intended buffer.
Executive Summary

CVE-2019-25654 is a buffer overflow vulnerability in Core FTP/SFTP Server version 1.2 and earlier. It occurs when an attacker inputs an excessively long string (around 7000 bytes) into the User domain field of the server's configuration. This causes the application to crash due to improper handling of the large input, resulting in a denial of service.

Impact Analysis

This vulnerability can be exploited remotely without any privileges, user interaction, or authentication. An attacker can cause the Core FTP/SFTP Server to crash by sending a specially crafted payload in the User domain field, leading to a denial of service (DoS). This means legitimate users will be unable to access the FTP/SFTP service while it is down.

Detection Guidance

This vulnerability can be detected by checking if the Core FTP/SFTP Server version 1.2 or earlier is running and by verifying if the User domain field in the server's configuration contains an excessively long string, approximately 7000 bytes.

A practical detection method involves attempting to reproduce the crash by inputting a large payload (around 7000 'A' characters) into the User domain field as described in the proof-of-concept exploit.

There are no specific network commands provided to detect this vulnerability remotely, but monitoring for crashes or denial of service symptoms on the Core FTP/SFTP Server when handling domain configurations may indicate exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include avoiding the use of excessively long strings in the User domain field of the Core FTP/SFTP Server configuration.

If possible, upgrade the Core FTP/SFTP Server to a version later than 1.2 or apply any available patches that address this buffer overflow vulnerability.

Additionally, restrict access to the server to trusted users and networks to reduce the risk of remote exploitation, since the vulnerability can be triggered remotely without authentication.

Compliance Impact

The vulnerability in Core FTP/SFTP Server 1.2 allows an attacker to cause a denial of service by crashing the service through a buffer overflow in the User domain field. This denial of service could potentially impact the availability of the service.

However, there is no specific information provided about how this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA.
