CVE-2025-34107
published 2025-07-15


Priority: P3 (57), high
CVSS 4.0 score: 8.7
CVSS 4.0 vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 0.76% (50.5th percentile)
A buffer overflow vulnerability exists in the WinaXe FTP Client version 7.7 within the FTP banner parsing functionality, WCMDPA10.dll. When the client connects to a remote FTP server and receives an overly long '220 Server Ready' response, the vulnerable component responsible for parsing the banner overflows a stack buffer, leading to arbitrary code execution under the context of the user.

Affected (1 range)

Vendor | Product | Version range | Fixed in
labf | winaxe_ftp_client | |

Detection & IOCs (extracted from sources)

filename: WCMDPA10.dll
version: WinaXe FTP Client 7.7
  • Detect WinaXe 7.7 FTP client connections to untrusted/external FTP servers — a malicious server sending an overly long '220 Server Ready' banner triggers the overflow in WCMDPA10.dll
  • Monitor for anomalously large FTP 220 banner responses (far exceeding normal length) on port 21 directed at WinaXe clients — this is the exploit delivery vector
  • Alert on process execution spawned from WCMDPA10.dll context following an FTP connection, which may indicate successful arbitrary code execution post-overflow
  • This is a client-side vulnerability — exploitation requires the WinaXe 7.7 FTP client to initiate a connection to a malicious/attacker-controlled FTP server; the attacker must be in a position to serve the malicious 220 banner (e.g., rogue server, MitM, or social engineering)
  • Code execution occurs under the privilege context of the logged-in user running WinaXe, not SYSTEM — post-exploitation impact depends on user privilege level
  • A public Metasploit module exists for this vulnerability, significantly lowering the bar for exploitation
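
The banner-length monitoring described above can be sketched as a check over captured server-to-client control-channel bytes. This is an added example, not code from the advisory or any vendor; the 512-byte threshold, the function names and the sample streams are assumptions constructed for illustration.

```python
# Added example: flag oversized FTP 220 greetings in server-to-client bytes.
MAX_LINE = 512  # ASSUMPTION: alert threshold in bytes; the page gives no figure


def greeting_lines(stream: bytes):
    """Return the lines of the first FTP reply (the greeting).

    Handles RFC 959 multi-line replies ('220-' opens, '220 ' closes). An
    unterminated trailing line is kept, because an oversized banner may not
    reach its CRLF inside the inspected window.
    """
    lines = stream.replace(b"\r\n", b"\n").split(b"\n")
    if lines and lines[-1] == b"":
        lines.pop()
    out, code = [], None
    for line in lines:
        out.append(line)
        if code is None:
            code = line[:3]
            if line[3:4] != b"-":  # single-line reply: greeting is complete
                break
        elif line[:3] == code and line[3:4] == b" ":
            break  # closing line of a multi-line reply
    return out


def check_banner(stream: bytes, max_line: int = MAX_LINE):
    """Report whether any line of a 220 greeting exceeds max_line bytes."""
    lines = greeting_lines(stream)
    if not lines or lines[0][:3] != b"220":
        return {"alert": False, "reason": "no 220 greeting", "longest": 0}
    longest = max(len(line) for line in lines)
    alert = longest > max_line
    reason = "oversized 220 banner" if alert else "ok"
    return {"alert": alert, "reason": reason, "longest": longest}


# Constructed sample streams (benign filler bytes only)
SAMPLES = {
    "normal": b"220 Server Ready\r\n331 Password required\r\n",
    "multiline": b"220-Welcome\r\n220-Mirror site\r\n220 Server Ready\r\n",
    "oversized": b"220 " + b"A" * 3000 + b"\r\n",
    "oversized_continuation": b"220-" + b"B" * 2000 + b"\r\n220 ok\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, check_banner(data))
```

Tune the threshold against banners observed from legitimate servers in your environment before alerting on it.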