CVE-2025-4159

Summary

A vulnerability was found in PCMan FTP Server up to 2.0.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component GLOB Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
PCManFTP Server2.0.0affected
PCManFTP Server2.0.1affected
PCManFTP Server2.0.2affected
PCManFTP Server2.0.3affected
PCManFTP Server2.0.4affected
PCManFTP Server2.0.5affected
PCManFTP Server2.0.6affected
PCManFTP Server2.0.7affected

Weaknesses

  • CWE-120: Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References