CVE-2025-11947 LOW

CVE-2025-11947: bftpd Configuration File options.c expand_groups heap-based overflow

Vendor N/A
Product bftpd
Weakness CWE-122
Published October 19, 2025
Last update February 24, 2026

CVSS base score

2.0/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01 Description

A weakness has been identified in bftpd up to 6.2. It affects the function expand_groups in the file options.c of the Configuration File Handler component. Manipulation can lead to a heap-based buffer overflow. The attack can be launched on the local host. Attacks of this nature are highly complex, and exploitation is considered difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02 Disclosure timeline

October 19, 2025 CVE published
February 24, 2026 Record updated