CVE-2019-25588

MEDIUM

BulletProof FTP Server 2019.0.0.50 Denial of Service via DNS Address

Title source: cna

Description

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes to trigger a crash when the Test function is invoked.

Exploits (1)

exploitdb WORKING POC

by Victor Mondragón · pythondoswindows

https://www.exploit-db.com/exploits/46875

View Code ZIP pw:eip

References (4)

[Exploit] https://www.exploit-db.com/exploits/46875

[Product] http://bpftpserver.com/

[Product] http://bpftpserver.com/products/bpftpserver/windows/download

[Third Party Advisory] https://www.vulncheck.com/advisories/bulletproof-ftp-server-denial-of-service-via-dns-address

Scores

CVSS v3 6.2

EPSS 0.0002

EPSS Percentile 4.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-1282

Status published

Products (2)

Bpftpserver/BulletProof FTP Server 2019.0.0.50

bpftpserver/bulletproof_ftp_server 2019.0.0.50

Published Mar 22, 2026

Tracked Since Mar 22, 2026