Cyber Resilience

CVE-2019-25654

HighPublic PoC

Published: 30 March 2026

Published
30 March 2026
Modified
08 April 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0069 48.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2019-25654 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Coreftp Core Ftp. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 48.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2019-25654 is a buffer overflow vulnerability (CWE-787) in Core FTP/SFTP Server version 1.2. The flaw occurs in the User domain field, where attackers can supply an excessively long string, such as a malicious payload containing 7000 bytes of data, during domain configuration. This triggers a buffer overflow that crashes the service, resulting in a denial of service. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Unauthenticated remote attackers with network access can exploit this vulnerability with low complexity and no user interaction required. By pasting the oversized payload into the domain configuration field, they can reliably crash the FTP/SFTP server process, disrupting service availability for all connected clients and potentially requiring manual restart.

Advisories and references provide further details on the issue, including a proof-of-concept exploit at https://www.exploit-db.com/exploits/46371 and a Vulncheck advisory at https://www.vulncheck.com/advisories/core-ftp-sftp-server-denial-of-service-via-buffer-overflow. The vendor site at http://www.coreftp.com/ and an archive download at http://www.coreftp.com/server/download/archive/CoreFTPServer589.42.exe are also referenced for additional context on the affected software.

EU & UK References

Vulnerability details

Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Attackers can paste a malicious payload containing 7000 bytes of data into the…

more

domain configuration to trigger an application crash and deny service.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Buffer overflow in public-facing FTP/SFTP server directly enables remote exploitation (T1190) to crash the service via application exploitation (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2019-25686Same product: Coreftp Core Ftp
CVE-2025-25901Shared CWE-787
CVE-2025-32008Shared CWE-787
CVE-2026-27664Shared CWE-787
CVE-2024-13166Shared CWE-787
CVE-2024-24423Shared CWE-787
CVE-2024-13165Shared CWE-787
CVE-2025-25898Shared CWE-787
CVE-2026-26740Shared CWE-787
CVE-2026-32636Shared CWE-787

Affected Assets

coreftp
core ftp
1.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-10 directly prevents buffer overflows by enforcing input validation mechanisms, such as length checks, on the User domain field to reject excessively long strings.

prevent

SI-2 requires identification, reporting, and correction of flaws like this buffer overflow vulnerability through timely patching or software replacement.

prevent

SC-5 limits the effects of denial-of-service events like service crashes from buffer overflows using mechanisms such as rate limiting or traffic shaping.

References