CVE-2020-19596
Published 2021-04-05
CVE-2020-19596: Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a crafted username.
Priority P348 | critical 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.29% (66.6th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| coreftp | core_ftp | — | — |
CVSS provenance
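| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |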
No detection rules found.
No public exploits indexed.
Wiz
CVE-2019-25654 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
## CVE-2019-25654: CoreFTP Server vulnerability analysis and mitigation
Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Attackers can paste a malicious payload containing 7000 bytes of data into the domain configuration to trigger an application crash and deny service.
Source: NVD
Score: 8.7
Published March 30, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
CoreFTP Server
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 16
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:coreftp:core_ftp
Wiz
CVE-2019-25686 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
## CVE-2019-25686: CoreFTP Server vulnerability analysis and mitigation
Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows unauthenticated attackers to crash the service by sending a malformed command with an oversized buffer. Attackers can send a PBSZ command with a payload exceeding 211 bytes to trigger an access violation and crash the FTP server process.
Source: NVD
Score: 8.7
Published April 5, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
CoreFTP Server
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:coreftp:core_ftp
Sources
NVD