cbcvebase.
CVE-2025-4255
published 2025-05-05


Priority: P273 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 1.88% (76.9th percentile)
A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. This affects an unknown part of the component RMD Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Affected

1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pcman | ftp_server | | |

Detection & IOCs (extracted from sources)

version: PCMan FTP Server 2.0.7
command: RMD <2007-byte overflow payload>
bytes: 0x74e32fd9
bytes: \xd9\x2f\xe3\x74
  • Detect oversized FTP RMD commands exceeding 2007 bytes, which is the exact overflow offset for this exploit.
  • Alert on FTP RMD command arguments beginning with or containing a long run of 'A' characters (pattern: 'A'x2007) followed by binary data — characteristic of this buffer overflow exploit.
  • Flag presence of JMP ESP gadget address 0x74e32fd9 (bytes \xd9\x2f\xe3\x74) in FTP RMD command payloads as a strong indicator of exploitation.
  • Bad characters for this exploit are \x00, \x0a, \x0d — shellcode in RMD payloads will not contain null bytes, newlines, or carriage returns.
  • The exploit targets Windows XP SP3 (x86); monitor for reverse shell connections on port 4444 originating from FTP server processes on this platform.
  • The reverse shell payload was generated with msfvenom for windows/shell_reverse_tcp; the specific shellcode bytes will vary per attacker-controlled lhost/lport — focus detection on the RMD command length and EIP overwrite bytes rather than the shellcode body.
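
The length, filler-run and address-byte checks listed above can be applied to a reassembled FTP control stream as follows. This is an added example, not code from this page or its sources; the function names, the 256-byte filler threshold and the reading of "2007 bytes" as the RMD argument length are assumptions.

```python
import re

RMD_MAX_ARG = 2007                  # overflow offset stated on this page
GADGET_BYTES = b"\xd9\x2f\xe3\x74"  # 0x74e32fd9 in little-endian order, from this page
# Assumed threshold: 256 or more repeats of one byte counts as filler.
FILLER_RUN = re.compile(rb"(.)\1{255,}", re.DOTALL)


def inspect_ftp_command(line: bytes) -> list[str]:
    """Return the indicator names raised by one FTP control-channel line."""
    verb, _, arg = line.rstrip(b"\r\n").partition(b" ")
    if verb.upper() != b"RMD":      # FTP verbs are case-insensitive
        return []
    hits = []
    if len(arg) > RMD_MAX_ARG:
        hits.append("oversized_rmd_argument")
    if FILLER_RUN.search(arg):
        hits.append("filler_run")
    if GADGET_BYTES in arg:
        hits.append("jmp_esp_address_bytes")
    # Weak on its own: legitimate UTF-8 directory names also trip this check.
    if any(b < 0x20 or b > 0x7E for b in arg):
        hits.append("binary_data_in_path")
    return hits


def scan_stream(data: bytes) -> list[tuple[int, list[str]]]:
    """Split a client-to-server stream on CRLF and report flagged lines.

    0x0a and 0x0d are bad characters for this exploit, so the whole payload
    always sits inside a single command line.
    """
    findings = []
    for number, line in enumerate(data.split(b"\r\n"), start=1):
        hits = inspect_ftp_command(line)
        if hits:
            findings.append((number, hits))
    return findings


# Constructed sample stream: two benign commands, then one line shaped like the
# indicators above (filler, the listed address bytes, inert placeholder bytes).
SAMPLE = (
    b"USER anonymous\r\n"
    b"RMD old_reports\r\n"
    b"rmd " + b"A" * 2007 + GADGET_BYTES + b"\x01\x02\x03\x04" + b"\r\n"
)

if __name__ == "__main__":
    for number, hits in scan_stream(SAMPLE):
        print(f"line {number}: {', '.join(hits)}")
```
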

CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 6.9 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |