CVE-2019-25588

MEDIUM

BulletProof FTP Server 2019.0.0.50 Denial of Service via DNS Address

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25588. PoCs published by Victor Mondragón.

AI-analyzed exploit summary: This PoC exploits a buffer overflow vulnerability in BulletProof FTP Server 2019.0.0.50 by sending a crafted DNS address (700 'A' characters) to trigger a denial-of-service (DoS) condition. The exploit requires manual interaction to paste the payload into the application's settings.

Description

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes to trigger a crash when the Test function is invoked.

Exploits (1)

exploitdb WORKING POC
by Victor Mondragón · python · dos · windows
https://www.exploit-db.com/exploits/46875

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: BulletProof FTP Server 2019.0.0.50
No auth needed
Prerequisites: Python to generate payload · Manual interaction to paste payload into BulletProof FTP Server settings
devstral-2 · analyzed Mar 22, 2026

References (4)

Core References
Exploit: ExploitDB-46875
https://www.exploit-db.com/exploits/46875
Product: Official Product Homepage
http://bpftpserver.com/
Third Party Advisory: VulnCheck Advisory: BulletProof FTP Server 2019.0.0.50 Denial of Service via DNS Address
https://www.vulncheck.com/advisories/bulletproof-ftp-server-denial-of-service-via-dns-address

Scores

CVSS v3 6.2
EPSS 0.0017
EPSS Percentile 6.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-1282
Status published
Products (2)
Bpftpserver/BulletProof FTP Server 2019.0.0.50
bpftpserver/bulletproof_ftp_server 2019.0.0.50
Published Mar 22, 2026
Tracked Since Mar 22, 2026