CVE-2018-25254

NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Attackers can connect to the FTP service and send oversized data in response handlers to overwrite SEH pointers and redirect execution to injected shellcode.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://en.softonic.com/download/nico-ftp/windows/post-download	Product
https://www.exploit-db.com/exploits/45442	Exploit VDB Entry
https://www.vulncheck.com/advisories/nico-ftp-buffer-overflow-seh	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:nico-ftp_project:nico-ftp:*:*:*:*:*:*:*:*

History

27 Apr 2026, 13:26

Type	Values Removed	Values Added
First Time		Nico-ftp Project nico-ftp Nico-ftp Project
References	~~() https://en.softonic.com/download/nico-ftp/windows/post-download -~~	() https://en.softonic.com/download/nico-ftp/windows/post-download - Product
References	~~() https://www.exploit-db.com/exploits/45442 -~~	() https://www.exploit-db.com/exploits/45442 - Exploit, VDB Entry
References	~~() https://www.vulncheck.com/advisories/nico-ftp-buffer-overflow-seh -~~	() https://www.vulncheck.com/advisories/nico-ftp-buffer-overflow-seh - Third Party Advisory
CPE		cpe:2.3:a:nico-ftp_project:nico-ftp::::::::

04 Apr 2026, 14:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-04 14:16

Updated : 2026-04-27 13:26

NVD link : CVE-2018-25254

Mitre link : CVE-2018-25254

CVE.ORG link : CVE-2018-25254

JSON object : View

Products Affected

nico-ftp_project

nico-ftp

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2018-25254", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-04-04T14:16:21.743", "references": [{"url": "https://en.softonic.com/download/nico-ftp/windows/post-download", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/45442", "tags": ["Exploit", "VDB Entry"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/nico-ftp-buffer-overflow-seh", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Attackers can connect to the FTP service and send oversized data in response handlers to overwrite SEH pointers and redirect execution to injected shellcode."}], "lastModified": "2026-04-27T13:26:40.773", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nico-ftp_project:nico-ftp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E21A9A8B-2157-4078-9F5A-1FE4F9A11C74", "versionEndIncluding": "3.0.1.19"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}