CVE-2025-34110

CRITICAL

ColoradoFTP Server < 1.3 Build 8 - Path Traversal

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-34110. PoCs were published by Rv3Laboratory, h00die and RvLaboratory, including the Metasploit module auxiliary/scanner/ftp/colorado_ftp_traversal.

Description

A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or write arbitrary files outside the configured FTP root directory. The flaw is due to insufficient sanitization of user-supplied file paths in the FTP GET and PUT command handlers. Exploitation is possible by submitting traversal sequences during FTP operations, enabling access to sensitive system files. This issue affects only the Windows version of ColoradoFTP.

Exploits (2)

exploitdb WRITEUP
by Rv3Laboratory · text · webapps · java
https://www.exploit-db.com/exploits/40231

This is a detailed vulnerability writeup describing a directory traversal flaw in ColoradoFTP v1.3 Prime Edition (Build 8). The advisory includes proof-of-concept commands demonstrating how an attacker can traverse directories and upload/download files outside the intended directory structure.

Classification: Writeup 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: ColoradoFTP v1.3 Prime Edition (Build 8)
Auth required
Prerequisites: Access to the FTP server · Valid credentials or anonymous access
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC
by h00die, RvLaboratory · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ftp/colorado_ftp_traversal.rb

This Metasploit module exploits a directory traversal vulnerability in ColoradoFTP Server 1.3 Build 8, allowing arbitrary file download via crafted GET commands with traversal strings. It includes authentication and file retrieval logic.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: ColoradoFTP Server <= 1.3 Build 8
Auth required
Prerequisites: Network access to the FTP server · Valid FTP credentials
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4 9.3
EPSS 0.0130
EPSS Percentile 66.6%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-22 CWE-306 CWE-552
Status published
Products (1)
ColoradoFTP/Server < 1.3 Build 8
Published Jul 15, 2025
Tracked Since Feb 18, 2026