CVE Catalog

CVE-2025-14242

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.74%

50th percentile - higher than 50% of all known CVEs

Summary

A flaw in vsftpd allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing. A remote, authenticated attacker can crash the server by sending a crafted STAT command with a specific byte sequence.

Risk Assessment

The risk is that an authenticated user can disrupt the FTP server's operation, potentially causing service unavailability for other clients.

Recommendation

Immediately update vsftpd to a version that includes a fix for the integer overflow vulnerability.

Original NVD description (English source)

A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS