CVE-2014-125114 HIGH

CVE-2014-125114: i-Ftp 2.20 Schedule.xml Stack-Based Buffer Overflow

Vendor I-Ftp
Product i-Ftp
Weakness CWE-121
Published July 25, 2025
Last update April 7, 2026

CVSS base score

8.4/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A stack-based buffer overflow vulnerability exists in i-Ftp version 2.20 due to improper handling of the Time attribute within Schedule.xml. By placing a specially crafted Schedule.xml file in the i-Ftp application directory, a remote attacker can trigger a buffer overflow during scheduled download parsing, potentially leading to arbitrary code execution or a crash.

Key dates

02Disclosure timeline

July 25, 2025 CVE published
April 7, 2026 Record updated