CVE-2025-4161

Summary

A vulnerability classified as critical has been found in PCMan FTP Server up to 2.0.7. This affects an unknown part of the component VERBOSE Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
PCManFTP Server2.0.0affected
PCManFTP Server2.0.1affected
PCManFTP Server2.0.2affected
PCManFTP Server2.0.3affected
PCManFTP Server2.0.4affected
PCManFTP Server2.0.5affected
PCManFTP Server2.0.6affected
PCManFTP Server2.0.7affected

Weaknesses

  • CWE-120: Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References