CVE-2025-34107
Published 2025-07-15
Priority: P3 · 57 · high · 8.7 (CVSS 4.0)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (all remaining metrics are X, not defined)
EXPLOIT
EPSS: 0.76% (50.5th percentile)
A buffer overflow vulnerability exists in the WinaXe FTP Client version 7.7 within the FTP banner parsing functionality, WCMDPA10.dll. When the client connects to a remote FTP server and receives an overly long '220 Server Ready' response, the vulnerable component responsible for parsing the banner overflows a stack buffer, leading to arbitrary code execution under the context of the user.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| labf | winaxe_ftp_client | — | — |
Detection & IOCs (extracted from sources)
- Detect WinaXe 7.7 FTP client connections to untrusted or external FTP servers: a malicious server sending an overly long '220 Server Ready' banner triggers the overflow in WCMDPA10.dll.
- Monitor for anomalously large FTP 220 banner responses (far exceeding normal length) on port 21 directed at WinaXe clients; this is the exploit delivery vector.
- Alert on process execution spawned by the WinaXe process that loads WCMDPA10.dll following an FTP connection, which may indicate successful arbitrary code execution post-overflow.
- This is a client-side vulnerability: exploitation requires the WinaXe 7.7 FTP client to initiate a connection to a malicious or attacker-controlled FTP server, so the attacker must be in a position to serve the malicious 220 banner (e.g., rogue server, MitM, or social engineering).
- Code execution occurs under the privilege context of the logged-in user running WinaXe, not SYSTEM; post-exploitation impact depends on the user's privilege level.
- A public Metasploit module exists for this vulnerability, significantly lowering the bar for exploitation.
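The banner-length monitoring described above can be prototyped over captured server-to-client control-channel bytes. This is an added example, not code from this page or its sources; the function names, the 512-byte threshold and the sample streams are assumptions constructed for illustration.

```python
import re

MAX_BANNER_BYTES = 512  # assumed threshold; tune against your own banner baseline
_REPLY = re.compile(rb"^(\d{3})([ -])")  # RFC 959: 3-digit code, then space or hyphen

def parse_replies(stream: bytes):
    """Yield (code, size_in_bytes, complete) for each FTP reply in a
    server-to-client control stream, following multi-line replies
    ("220-..." lines closed by a "220 ..." line)."""
    lines = stream.split(b"\r\n")
    tail = lines.pop()              # bytes after the last CRLF (b"" if none)
    code, size = None, 0
    for line in lines:
        m = _REPLY.match(line)
        if code is None:
            if not m:
                continue            # not the start of a reply, skip it
            code = m.group(1)
        size += len(line)
        if m and m.group(1) == code and m.group(2) == b" ":
            yield code.decode(), size, True
            code, size = None, 0
    # Data that never reached a terminating CRLF is still measured: an
    # oversized line may be captured before its end arrives.
    m = _REPLY.match(tail)
    if code is None and m:
        code = m.group(1)
    if code is not None:
        yield code.decode(), size + len(tail), False

def oversized_banners(stream: bytes, limit: int = MAX_BANNER_BYTES):
    """Return (size, complete) for every 220 reply larger than `limit`."""
    return [(size, done) for code, size, done in parse_replies(stream)
            if code == "220" and size > limit]

# Constructed sample streams (not captured traffic).
NORMAL = b"220 Example FTP server ready.\r\n331 Password required.\r\n"
MULTILINE = b"220-Welcome\r\n220-Mirror rules apply\r\n220 Ready\r\n"
OVERSIZED = b"220 " + b"A" * 3000 + b"\r\n"
UNTERMINATED = b"220 " + b"B" * 2000
SPLIT_LONG = b"220-hi\r\n" + b"x" * 1000 + b"\r\n220 done\r\n"

if __name__ == "__main__":
    for name in ("NORMAL", "MULTILINE", "OVERSIZED", "UNTERMINATED", "SPLIT_LONG"):
        print(name, oversized_banners(globals()[name]))
```

The size is summed across all lines of a multi-line reply, so a long banner split over several `220-` lines is still flagged.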
References
- http://hyp3rlinx.altervista.org/advisories/WINAXE-FTP-CLIENT-REMOTE-BUFFER-OVERFLOW.txt
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/winaxe_server_ready.rb
- https://www.exploit-db.com/exploits/40767
- https://www.vulncheck.com/advisories/wina-xe-ftp-client-remote-buffer-overflow