CVE-2010-20122
published 2025-08-21


Priority: P265 · Severity: critical · CVSS 4.0 base score: 9.3
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Exploit available: yes
EPSS: 0.95% (56.7th percentile)
Xftp FTP Client versions up to and including 3.0 (build 0238) contain a stack-based buffer overflow vulnerability triggered by a maliciously crafted PWD response from an FTP server. When the client connects to a server and receives an overly long directory string in response to the PWD command, it fails to validate the length of the input before copying it into a fixed-size stack buffer. The resulting memory corruption allows a remote attacker (the server operator, or anyone who can impersonate the server) to execute arbitrary code on the client system.

Affected

1 range

Vendor                   Product           Version range          Fixed in
netsarang_computer_inc   xftp_ftp_client   <= 3.0 (build 0238)    (none listed)

Detection & IOCs (extracted from sources)

Command: PWD
  • Monitor FTP PWD responses containing excessively long directory strings directed at Xftp clients; a stack-based buffer overflow is triggered when the client copies an overly long PWD response into a fixed-size buffer.
  • A Metasploit module exists for this vulnerability targeting Windows FTP clients; detect exploitation attempts via the module path windows/ftp/xftp_client_pwd.
  • Vulnerability affects Xftp FTP Client versions up to and including 3.0 (build 0238) only; later builds may not be affected.
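As an added, defender-side example (not from this page or from NetSarang), the check below parses FTP PWD replies in their RFC 959 form (`257 "<pathname>" [comment]`) and flags a reply whose pathname is overlong or whose grammar is broken, which is the trigger condition described above. The alert threshold and the sample replies are constructed assumptions.

```python
# Added example (not from this page or the vendor): flag overlong FTP PWD
# replies, the trigger condition for CVE-2010-20122. The alert threshold and
# the sample replies below are constructed assumptions.
import re

# RFC 959: a successful PWD reply is `257 "<pathname>" [comment]`; a literal
# double quote inside the pathname is written as two quotes ("").
_PWD_REPLY = re.compile(r'^257 "((?:[^"]|"")*)"(.*)$')

# Assumed alert threshold (constructed): legitimate paths are far shorter.
MAX_SAFE_PATH_LEN = 255

def parse_pwd_reply(line):
    """Return the unescaped pathname from a 257 reply, or None if malformed."""
    m = _PWD_REPLY.match(line.rstrip("\r\n"))
    if not m:
        return None
    return m.group(1).replace('""', '"')

def check_pwd_reply(line, max_len=MAX_SAFE_PATH_LEN):
    """Classify one server reply line as ok, overlong, malformed or ignore."""
    stripped = line.rstrip("\r\n")
    if not stripped.startswith("257"):
        return {"verdict": "ignore", "length": 0}
    path = parse_pwd_reply(stripped)
    if path is None:
        # A 257 reply that breaks the RFC grammar (unquoted or unterminated
        # pathname) is itself suspicious; report the raw payload length.
        return {"verdict": "malformed", "length": max(0, len(stripped) - 4)}
    verdict = "overlong" if len(path) > max_len else "ok"
    return {"verdict": verdict, "length": len(path)}

def scan_replies(lines, max_len=MAX_SAFE_PATH_LEN):
    """Run the check over captured reply lines; return (lineno, verdict, length)."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        r = check_pwd_reply(line, max_len)
        if r["verdict"] in ("overlong", "malformed"):
            findings.append((lineno, r["verdict"], r["length"]))
    return findings

# Constructed sample replies as an FTP client would receive them.
SAMPLE_REPLIES = [
    "220 Service ready\r\n",
    '257 "/home/user" is current directory.\r\n',
    '257 "/odd""name"\r\n',
    '257 "' + "A" * 2000 + '"\r\n',
    "257 /unquoted\r\n",
]
```

Running `scan_replies(SAMPLE_REPLIES)` reports only the 2000-byte reply and the unquoted one; the doubled-quote path is parsed correctly and passes.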