CVE-2025-14242
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk50th percentile - higher than 50% of all known CVEs
Summary
A flaw in vsftpd allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing. A remote, authenticated attacker can crash the server by sending a crafted STAT command with a specific byte sequence.
Risk Assessment
The risk is that an authenticated user can disrupt the FTP server's operation, potentially causing service unavailability for other clients.
Recommendation
Immediately update vsftpd to a version that includes a fix for the integer overflow vulnerability.
Original NVD description (English source)
A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.

