CVE-2019-25654

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-25654
Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Attackers can paste a malicious payload containing 7000 bytes of data into the domain configuration to trigger an application crash and deny service.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://www.coreftp.com/ Product
http://www.coreftp.com/server/download/archive/CoreFTPServer589.42.exe Product
https://www.exploit-db.com/exploits/46371 Exploit VDB Entry
https://www.vulncheck.com/advisories/core-ftp-sftp-server-denial-of-service-via-buffer-overflow Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:coreftp:core_ftp:1.2:*:*:*:*:*:*:*
History

08 Apr 2026, 16:18

Type Values Removed Values Added
CPE cpe:2.3:a:coreftp:core_ftp:1.2:*:*:*:*:*:*:*
First Time Coreftp
Coreftp core Ftp
References () http://www.coreftp.com/ - () http://www.coreftp.com/ - Product
References () http://www.coreftp.com/server/download/archive/CoreFTPServer589.42.exe - () http://www.coreftp.com/server/download/archive/CoreFTPServer589.42.exe - Product
References () https://www.exploit-db.com/exploits/46371 - () https://www.exploit-db.com/exploits/46371 - Exploit, VDB Entry
References () https://www.vulncheck.com/advisories/core-ftp-sftp-server-denial-of-service-via-buffer-overflow - () https://www.vulncheck.com/advisories/core-ftp-sftp-server-denial-of-service-via-buffer-overflow - Third Party Advisory
Summary
  • (es) Servidor Core FTP/SFTP 1.2 contiene una vulnerabilidad de desbordamiento de búfer que permite a los atacantes bloquear el servicio al proporcionar una cadena excesivamente larga en el campo de dominio de Usuario. Los atacantes pueden pegar una carga útil maliciosa que contiene 7000 bytes de datos en la configuración del dominio para desencadenar un bloqueo de la aplicación y denegar el servicio.

30 Mar 2026, 12:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-03-30 12:16

Updated : 2026-04-08 16:18

NVD link : CVE-2019-25654

Mitre link : CVE-2019-25654

CVE.ORG link : CVE-2019-25654

JSON object : View

Products Affected

coreftp

  • core_ftp
CWE
CWE-787

Out-of-bounds Write