{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-4791", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-05-15T16:05:09.870Z", "datePublished": "2025-05-16T17:00:10.063Z", "dateUpdated": "2025-05-16T18:09:00.778Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-05-16T17:00:10.063Z"}, "title": "FreeFloat FTP Server HASH Command buffer overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "FreeFloat", "product": "FTP Server", "versions": [{"version": "1.0", "status": "affected"}], "modules": ["HASH Command Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component HASH Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "In FreeFloat FTP Server 1.0 wurde eine kritische Schwachstelle gefunden. Es geht um eine nicht n\u00e4her bekannte Funktion der Komponente HASH Command Handler. Dank der Manipulation mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "timeline": [{"time": "2025-05-15T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-05-15T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-05-15T18:10:22.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Fernando Mengali (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.309100", "name": "VDB-309100 | FreeFloat FTP Server HASH Command buffer overflow", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.309100", "name": "VDB-309100 | CTI Indicators (IOB, IOC)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.572480", "name": "Submit #572480 | FreeFloat FTP Server 1.0 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://fitoxs.com/exploit/exploit-bc230ff2f41a996bdab8ab4072a38e2e99aa486f2d7f50f8f9e983adb7dc4536.txt", "tags": ["broken-link", "exploit"]}]}, "adp": [{"references": [{"url": "https://fitoxs.com/exploit/exploit-bc230ff2f41a996bdab8ab4072a38e2e99aa486f2d7f50f8f9e983adb7dc4536.txt", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-16T18:08:57.843459Z", "id": "CVE-2025-4791", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-16T18:09:00.778Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4791", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-16T18:08:57.843459Z"}}}], "references": [{"url": "https://fitoxs.com/exploit/exploit-bc230ff2f41a996bdab8ab4072a38e2e99aa486f2d7f50f8f9e983adb7dc4536.txt", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-16T18:08:50.555Z"}}], "cna": {"title": "FreeFloat FTP Server HASH Command buffer overflow", "credits": [{"lang": "en", "type": "reporter", "value": "Fernando Mengali (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "affected": [{"vendor": "FreeFloat", "modules": ["HASH Command Handler"], "product": "FTP Server", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2025-05-15T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-05-15T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-05-15T18:10:22.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.309100", "name": "VDB-309100 | FreeFloat FTP Server HASH Command buffer overflow", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.309100", "name": "VDB-309100 | CTI Indicators (IOB, IOC)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.572480", "name": "Submit #572480 | FreeFloat FTP Server 1.0 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://fitoxs.com/exploit/exploit-bc230ff2f41a996bdab8ab4072a38e2e99aa486f2d7f50f8f9e983adb7dc4536.txt", "tags": ["broken-link", "exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component HASH Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "In FreeFloat FTP Server 1.0 wurde eine kritische Schwachstelle gefunden. Es geht um eine nicht n\u00e4her bekannte Funktion der Komponente HASH Command Handler. Dank der Manipulation mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-05-16T17:00:10.063Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4791", "state": "PUBLISHED", "dateUpdated": "2025-05-16T18:09:00.778Z", "dateReserved": "2025-05-15T16:05:09.870Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-05-16T17:00:10.063Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component HASH Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad en FreeFloat FTP Server 1.0, clasificada como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del componente HASH Command Handler. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."}], "id": "CVE-2025-4791", "lastModified": "2025-05-19T13:35:20.460", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "[email protected]", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-05-16T17:15:57.007", "references": [{"source": "[email protected]", "url": "https://fitoxs.com/exploit/exploit-bc230ff2f41a996bdab8ab4072a38e2e99aa486f2d7f50f8f9e983adb7dc4536.txt"}, {"source": "[email protected]", "url": "https://vuldb.com/?ctiid.309100"}, {"source": "[email protected]", "url": "https://vuldb.com/?id.309100"}, {"source": "[email protected]", "url": "https://vuldb.com/?submit.572480"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://fitoxs.com/exploit/exploit-bc230ff2f41a996bdab8ab4072a38e2e99aa486f2d7f50f8f9e983adb7dc4536.txt"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-120"}], "source": "[email protected]", "type": "Secondary"}]}

{}