CVE-2025-4160

Summary

A vulnerability was found in PCMan FTP Server up to 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component LS Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
PCManFTP Server2.0.0affected
PCManFTP Server2.0.1affected
PCManFTP Server2.0.2affected
PCManFTP Server2.0.3affected
PCManFTP Server2.0.4affected
PCManFTP Server2.0.5affected
PCManFTP Server2.0.6affected
PCManFTP Server2.0.7affected

Weaknesses

  • CWE-120: Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References