Cyber Resilience

CVE-2019-25361

High · Public PoC

Published: 18 February 2026

Modified: 15 April 2026
KEV Added
Patch
CVSS Score (v4): 8.6
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0064 (45.8th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2019-25361 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Ayukov NFTP (inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked at the 45.8th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2019-25361 is a buffer overflow vulnerability in the Ayukov NFTP client version 1.71, specifically within the SYST command handling. This stack-based buffer overflow, mapped to CWE-121, allows remote attackers to execute arbitrary code by sending a specially crafted SYST command with an oversized payload. The vulnerability received a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), highlighting its critical severity due to high confidentiality, integrity, and availability impacts.

Remote attackers can exploit this vulnerability without authentication, privileges, or user interaction, connecting over the network to a vulnerable NFTP client instance. When a malformed SYST command is transmitted, its oversized payload overflows the buffer, enabling arbitrary code execution, such as establishing a bind shell on TCP port 5150 for remote control of the affected system.

Advisories from VulnCheck detail the buffer overflow in Ayukov NFTP's SYST handling, while Exploit-DB provides a corresponding proof-of-concept exploit (ID 47576). The official Ayukov NFTP site at ayukov.com/nftp/ is referenced, though specific patch or mitigation guidance is not outlined in the available descriptions.

EU & UK References

Vulnerability details

Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with oversized payload to trigger a buffer overflow and execute a bind shell on port 5150.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Buffer overflow in FTP client enables remote arbitrary code execution via Exploitation for Client Execution (T1203).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-54480 (Shared CWE-121)
CVE-2025-69195 (Shared CWE-121)
CVE-2026-43661 (Shared CWE-121)
CVE-2019-25321 (Shared CWE-121)
CVE-2026-33554 (Shared CWE-121)
CVE-2024-34579 (Shared CWE-121)
CVE-2020-37142 (Shared CWE-121)
CVE-2026-1761 (Shared CWE-121)
CVE-2020-37181 (Shared CWE-121)
CVE-2019-25365 (Shared CWE-121)

Affected Assets

Ayukov NFTP (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the buffer overflow vulnerability in Ayukov NFTP client 1.71 by applying patches or upgrading to a non-vulnerable version.

prevent

Validates the size and structure of incoming SYST command payloads to prevent buffer overflows from oversized inputs.

prevent

Implements memory protections like ASLR, DEP, and stack canaries to block arbitrary code execution even if the buffer overflow occurs.
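
An added example, not taken from NFTP's source or from the referenced advisories: one way a client can apply the input-validation control above, assuming the text handled during SYST arrives as a single reply line of the form `215 <system type>` (RFC 959). The function name, status codes and the 512-byte line cap are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define SYST_MAX_LINE 512   /* assumed cap on one reply line, not from the page */
enum syst_status { SYST_OK = 0, SYST_TOO_LONG = -1, SYST_MALFORMED = -2, SYST_NO_ROOM = -3 };

/* Validate one reply line by explicit length (no reliance on a terminator)
 * and copy the system-type text into out. Rejects rather than truncating. */
int syst_parse_reply(const char *line, size_t len, char *out, size_t out_cap)
{
    size_t i, n;

    if (line == NULL || out == NULL || out_cap == 0)
        return SYST_MALFORMED;
    out[0] = '\0';

    /* Strip one trailing LF or CRLF if present. */
    if (len > 0 && line[len - 1] == '\n') len--;
    if (len > 0 && line[len - 1] == '\r') len--;
    if (len > SYST_MAX_LINE)
        return SYST_TOO_LONG;
    /* Structure check: "215", one space, then at least one character. */
    if (len < 5 || memcmp(line, "215 ", 4) != 0)
        return SYST_MALFORMED;

    n = len - 4;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)line[4 + i];
        if (c < 0x20 || c > 0x7e)          /* printable ASCII only */
            return SYST_MALFORMED;
    }
    if (n >= out_cap)                       /* keep room for the NUL */
        return SYST_NO_ROOM;
    memcpy(out, line + 4, n);
    out[n] = '\0';
    return SYST_OK;
}

int main(void)
{
    char type[64], big[2048];
    const char ok[] = "215 UNIX Type: L8\r\n";   /* constructed sample */
    memset(big, 'A', sizeof big);                 /* constructed oversized line */
    memcpy(big, "215 ", 4);
    return !(syst_parse_reply(ok, sizeof ok - 1, type, sizeof type) == SYST_OK &&
             syst_parse_reply(big, sizeof big, type, sizeof type) == SYST_TOO_LONG);
}
```

The destination size is passed in and checked before the copy, so a line longer than the fixed buffer is rejected with a status code instead of being written past the end of a stack array.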

References