CVE-2018-25252

MEDIUM

FTP Voyager 16.2.0 Denial of Service via Malformed Site Profile

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25252. PoCs published by Abdullah Alıç.

AI-analyzed exploit summary This Python script generates a 500-byte buffer of 'A' characters and writes it to a file named 'boom.txt'. The exploit triggers a denial of service (DoS) in FTP Voyager 16.2.0 when the content is pasted into the 'IP:' field during site profile creation.

Description

FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecting oversized buffer data into the site profile IP field. Attackers can create a malicious site profile containing 500 bytes of repeated characters and paste it into the IP field to trigger a buffer overflow that crashes the FTP Voyager process.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Abdullah Alıç · pythondoswindows_x86
https://www.exploit-db.com/exploits/45527

This Python script generates a 500-byte buffer of 'A' characters and writes it to a file named 'boom.txt'. The exploit triggers a denial of service (DoS) in FTP Voyager 16.2.0 when the content is pasted into the 'IP:' field during site profile creation.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: FTP Voyager 16.2.0
No auth needed
Prerequisites: FTP Voyager 16.2.0 installed on Windows XP Professional SP3 · User interaction to paste payload into 'IP:' field
devstral-2 · analyzed Apr 07, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit exploit
ExploitDB-45527
https://www.exploit-db.com/exploits/45527
Product product
Official Product Homepage
https://www.serv-u.com/
Product product
Product Reference
https://www.serv-u.com/ftp-voyager
Third Party Advisory third-party-advisory
VulnCheck Advisory: FTP Voyager 16.2.0 Denial of Service via Malformed Site Profile
https://www.vulncheck.com/advisories/ftp-voyager-denial-of-service-via-malformed-site-profile

Scores

CVSS v3 6.2
EPSS 0.0030
EPSS Percentile 21.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-787
Status published
Products (2)
Serv-U/FTP Voyager 16.2.0
solarwinds/ftp_voyager < 16.2.0
Published Apr 04, 2026
Tracked Since Apr 04, 2026