CVE-2019-25614

CRITICAL

Free Float FTP 1.0 STOR Command Remote Buffer Overflow

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25614. PoCs published by Kevin Randall.

AI-analyzed exploit summary This exploit demonstrates a remote buffer overflow vulnerability in Free Float FTP 1.0 via the STOR command. It includes shellcode generated by MSFVenom to achieve remote code execution on the target system.

Description

Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized payload. Attackers can authenticate with anonymous credentials and send a malicious STOR command containing 247 bytes of padding followed by a return address and shellcode to trigger code execution on the FTP server.

Exploits (1)

exploitdb WORKING POC

by Kevin Randall · pythonremotewindows

https://www.exploit-db.com/exploits/46763

View Code ZIP pw:eip

This exploit demonstrates a remote buffer overflow vulnerability in Free Float FTP 1.0 via the STOR command. It includes shellcode generated by MSFVenom to achieve remote code execution on the target system.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Free Float FTP 1.0

Auth required

Prerequisites: Target IP address · MSFVenom for shellcode generation · Listener setup for reverse shell

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 22, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-46763

https://www.exploit-db.com/exploits/46763

Product product

Product Reference

http://www.freefloat.com/software/freefloatftpserver.zip

Third Party Advisory third-party-advisory

VulnCheck Advisory: Free Float FTP 1.0 STOR Command Remote Buffer Overflow

https://www.vulncheck.com/advisories/free-float-ftp-stor-command-remote-buffer-overflow

Scores

CVSS v3 9.8

EPSS 0.0095

EPSS Percentile 56.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-787

Status published

Products (2)

Freefloat/Free Float FTP 1.0

freefloat/freefloat_ftp_server 1.0

Published Mar 22, 2026

Tracked Since Mar 22, 2026