CVE-2025-14242

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-14242
A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2026:0605
https://access.redhat.com/errata/RHSA-2026:0606
https://access.redhat.com/errata/RHSA-2026:0608
https://access.redhat.com/errata/RHSA-2026:4470
https://access.redhat.com/errata/RHSA-2026:4477
https://access.redhat.com/errata/RHSA-2026:4513
https://access.redhat.com/errata/RHSA-2026:4522
https://access.redhat.com/errata/RHSA-2026:4525
https://access.redhat.com/errata/RHSA-2026:4543
https://access.redhat.com/errata/RHSA-2026:4550
https://access.redhat.com/errata/RHSA-2026:4553
https://access.redhat.com/errata/RHSA-2026:4554
https://access.redhat.com/security/cve/CVE-2025-14242
https://bugzilla.redhat.com/show_bug.cgi?id=2419826
Configurations

No configuration.

History

16 Mar 2026, 14:17

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:4553 -
  • () https://access.redhat.com/errata/RHSA-2026:4554 -

13 Mar 2026, 19:53

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:4543 -
  • () https://access.redhat.com/errata/RHSA-2026:4550 -

12 Mar 2026, 19:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:4470 -
  • () https://access.redhat.com/errata/RHSA-2026:4513 -
  • () https://access.redhat.com/errata/RHSA-2026:4522 -
  • () https://access.redhat.com/errata/RHSA-2026:4525 -

12 Mar 2026, 14:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:4477 -

14 Jan 2026, 22:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:0606 -

14 Jan 2026, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2026-01-14 16:15

Updated : 2026-03-16 14:17

NVD link : CVE-2025-14242

Mitre link : CVE-2025-14242

CVE.ORG link : CVE-2025-14242

JSON object : View

Products Affected

No product.

CWE
CWE-190

Integer Overflow or Wraparound