CVE-2019-25654 HIGH

CVE-2019-25654: Core FTP/SFTP Server 1.2 Denial of Service via Buffer Overflow

Vendor Coreftp
Product Core FTP/SFTP Server
Weakness CWE-787
Published March 30, 2026
Last update March 30, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Attackers can paste a malicious payload containing 7000 bytes of data into the domain configuration to trigger an application crash and deny service.

Key dates

02Disclosure timeline

March 30, 2026 CVE published
March 30, 2026 Record updated