CVE-2019-25654
Buffer Overflow in Core FTP/SFTP Server Causes Denial of Service
Publication date: 2026-03-30
Last updated on: 2026-04-08
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| coreftp | core_ftp | 1.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25654 is a buffer overflow vulnerability in Core FTP/SFTP Server version 1.2 and earlier. It occurs when an attacker inputs an excessively long string (around 7000 bytes) into the User domain field of the server's configuration. This causes the application to crash due to improper handling of the large input, resulting in a denial of service.
How can this vulnerability impact me?
This vulnerability can be exploited remotely without any privileges, user interaction, or authentication. An attacker can cause the Core FTP/SFTP Server to crash by sending a specially crafted payload in the User domain field, leading to a denial of service (DoS). This means legitimate users will be unable to access the FTP/SFTP service while it is down.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the Core FTP/SFTP Server version 1.2 or earlier is running and by verifying if the User domain field in the server's configuration contains an excessively long string, approximately 7000 bytes.
A practical detection method involves attempting to reproduce the crash by inputting a large payload (around 7000 'A' characters) into the User domain field as described in the proof-of-concept exploit.
There are no specific network commands provided to detect this vulnerability remotely, but monitoring for crashes or denial of service symptoms on the Core FTP/SFTP Server when handling domain configurations may indicate exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of excessively long strings in the User domain field of the Core FTP/SFTP Server configuration.
If possible, upgrade the Core FTP/SFTP Server to a version later than 1.2 or apply any available patches that address this buffer overflow vulnerability.
Additionally, restrict access to the server to trusted users and networks to reduce the risk of remote exploitation, since the vulnerability can be triggered remotely without authentication.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in Core FTP/SFTP Server 1.2 allows an attacker to cause a denial of service by crashing the service through a buffer overflow in the User domain field. This denial of service could potentially impact the availability of the service.
However, there is no specific information provided about how this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA.