A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or write arbitrary files outside the configured FTP root directory. The flaw is due to insufficient sanitation of user-supplied file paths in the FTP GET and PUT command handlers. Exploitation is possible by submitting traversal sequences during FTP operations, enabling access to system-sensitive files. This issue affects only the Windows version of ColoradoFTP.
Metrics
Affected Vendors & Products
References
History
Wed, 16 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
Tue, 15 Jul 2025 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Tue, 15 Jul 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 15 Jul 2025 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Tue, 15 Jul 2025 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or write arbitrary files outside the configured FTP root directory. The flaw is due to insufficient sanitation of user-supplied file paths in the FTP GET and PUT command handlers. Exploitation is possible by submitting traversal sequences during FTP operations, enabling access to system-sensitive files. This issue affects only the Windows version of ColoradoFTP. | |
Title | ColoradoFTP Server <= 1.3 Build 8 Path Traversal Information Disclosure | |
Weaknesses | CWE-22 CWE-306 CWE-552 |
|
References |
|
|
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: VulnCheck
Published: 2025-07-15T13:01:10.712Z
Updated: 2025-07-15T13:44:56.509Z
Reserved: 2025-04-15T19:15:22.560Z
Link: CVE-2025-34110

Updated: 2025-07-15T13:44:47.466Z

Status : Awaiting Analysis
Published: 2025-07-15T13:15:30.833
Modified: 2025-07-15T20:07:28.023
Link: CVE-2025-34110

No data.