# CVE-2010-2695
Published 2010-07-12
Priority: P4 · 31 · medium · 6.5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS: 1.88% (76.8th percentile)
Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands.
## Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xlightftpd | xlight_ftp_server | — | — |
| xlightftpd | xlight_ftp_server | — | — |
No detection rules found.
No public exploits indexed.
## CVE-2019-25681 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 6.5 · MEDIUM
CVE-2019-25681: Xlight FTP Server vulnerability analysis and mitigation
Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted buffer string. Attackers can inject a 428-byte payload through the program execution field in virtual server configuration to trigger a buffer overflow that corrupts the SEH chain and enables potential code execution.
Source: NVD

| Field | Value |
|---|---|
| Score | 8.6 |
| Published | April 5, 2026 |
| Severity | HIGH |
| CNA Score | 8.6 |
| Affected Technologies | Xlight FTP Server |
| Has Public Exploit | Yes |
| Has CISA KEV Exploit | No |
| CISA KEV Release Date | N/A |
| CISA KEV Due Date | N/A |
| Exploitation Probability Percentile (EPSS) | 2.3 |
| Exploitation Probability (EPSS) | |
## CVE-2023-53886 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 6.8 · MEDIUM
CVE-2023-53886: Xlight FTP Server vulnerability analysis and mitigation
Xlight FTP Server 3.9.3.6 contains a stack buffer overflow vulnerability in the 'Execute Program' configuration that allows attackers to crash the application. Attackers can trigger the vulnerability by inserting 294 characters into the program execution configuration, causing a denial of service condition.
Source: NVD

| Field | Value |
|---|---|
| Score | 5.1 |
| Published | December 15, 2025 |
| Severity | MEDIUM |
| CNA Score | 5.1 |
| Affected Technologies | Xlight FTP Server |
| Has Public Exploit | Yes |
| Has CISA KEV Exploit | No |
| CISA KEV Release Date | N/A |
| CISA KEV Due Date | N/A |
| Exploitation Probability Percentile (EPSS) | 21.5 |
| Exploitation Probability (EPSS) | 0.1 |
## Affected packages and libraries
`cpe:2.3:a:xlightftpd:xlight_ftp_server`

Windows: No

## Sources
- http://osvdb.org/66037
- http://secunia.com/advisories/40473
- http://www.securityfocus.com/archive/1/512192/100/0/threaded
- http://www.xlightftpd.com/whatsnew.htm
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60151