CVE-2025-5331

HIGH

Pcman FTP Server - Memory Corruption

Title source: rule

Description

A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. This vulnerability affects unknown code of the component NLST Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry

https://vuldb.com/?id.310504

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.310504

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.585404

Exploit exploit

https://github.com/r3ng4f/PCMan_1/blob/main/exploit02.txt

View Exploit ZIP pw:eip

Scores

CVSS v3 7.3

EPSS 0.0048

EPSS Percentile 65.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-119 CWE-120

Status published

Products (1)

pcman_ftp_server_project/pcman_ftp_server 2.0.7

Published May 29, 2025

Tracked Since Feb 18, 2026