freefloat 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには バッファオーバーフロー and vendor risk memory corruption があり、vendor surface production workloads and vendor surface software deployment の利用場面で アプリケーションクラッシュ and vendor impact memory corruption などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2019-25614 | Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized payload. Attackers can authenticate with anonymous credentials and send a malicious STOR command containing 247 bytes of padding followed by a return address and shellcode to trigger code execution on the FTP server. | [email protected] | 9.3 | 0.86% | 2026-03-22 | 2026-03-23 |
| CVE-2012-10030 | FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server accepts empty credentials, defaults user access to the root of the C:\ drive, and imposes no restrictions on file type or destination path. These conditions enable attackers to upload executable payloads and .mof files to locations such as system32 and wbem\mof, where Windows Management Instrumentation (WMI) automatically p | [email protected] | 9.3 | 72.56% | 2025-08-05 | 2025-09-03 |
| CVE-2012-10023 | A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. The flaw is triggered by sending an overly long username string, which overflows the buffer allocated for user authentication. | [email protected] | 6.9 | 80.47% | 2025-08-05 | 2025-09-03 |
| CVE-2025-5667 | A vulnerability was found in FreeFloat FTP Server 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component REIN Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.9 | 0.48% | 2025-06-05 | 2025-06-24 |
| CVE-2025-5666 | A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component XMKD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.9 | 0.48% | 2025-06-05 | 2025-06-24 |
| CVE-2025-5665 | A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component XCWD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.9 | 0.48% | 2025-06-05 | 2025-06-24 |
| CVE-2025-5664 | A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component RESTART Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.9 | 0.48% | 2025-06-05 | 2025-06-24 |
| CVE-2025-5596 | A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component REGET Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.9 | 0.48% | 2025-06-04 | 2025-06-24 |
| CVE-2025-5595 | A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component PROGRESS Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.9 | 0.48% | 2025-06-04 | 2025-06-24 |
| CVE-2025-5594 | A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component SET Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.9 | 0.48% | 2025-06-04 | 2025-06-13 |
| CVE-2025-5593 | A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component HOST Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.9 | 0.48% | 2025-06-04 | 2025-06-13 |
| CVE-2025-5592 | A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component PASSIVE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.9 | 0.48% | 2025-06-04 | 2025-06-09 |
| CVE-2025-5551 | A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. This affects an unknown part of the component SYSTEM Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.9 | 0.48% | 2025-06-04 | 2025-06-24 |
| CVE-2025-5550 | A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this issue is some unknown functionality of the component PBSZ Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.9 | 0.48% | 2025-06-04 | 2025-06-24 |
| CVE-2025-5549 | A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component PASV Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.9 | 0.48% | 2025-06-04 | 2025-06-24 |
| CVE-2025-5548 | A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component NOOP Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.9 | 1.84% | 2025-06-04 | 2025-06-24 |
| CVE-2025-5547 | A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. This issue affects some unknown processing of the component CDUP Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.9 | 0.48% | 2025-06-04 | 2025-06-24 |
| CVE-2025-5357 | A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component PWD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.9 | 0.48% | 2025-05-30 | 2025-06-16 |
| CVE-2025-5356 | A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component BYE Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.9 | 0.48% | 2025-05-30 | 2025-06-24 |
| CVE-2025-5330 | A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component RETR Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.9 | 0.46% | 2025-05-29 | 2025-06-23 |