CVE-2019-25611 HIGH

CVE-2019-25611: MiniFtp parseconf_load_setting Buffer Overflow via Configuration

Vendor Skyqinsc
Product MiniFtp
Weakness CWE-787
Published March 22, 2026
Last update March 23, 2026

CVSS base score

8.6/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite the return address, enabling code execution with root privileges.

Key dates

02Disclosure timeline

March 22, 2026 CVE published
March 23, 2026 Record updated