CVE-2019-25654
Published: 30 March 2026
Summary
CVE-2019-25654 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Coreftp Core Ftp. Its CVSS base score is 7.5 (High).
Operationally, it is ranked at the 17.3rd percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-10 directly prevents buffer overflows by enforcing input validation mechanisms, such as length checks, on the User domain field to reject excessively long strings.
SI-2 requires identification, reporting, and correction of flaws like this buffer overflow vulnerability through timely patching or software replacement.
SC-5 limits the effects of denial-of-service events like service crashes from buffer overflows using mechanisms such as rate limiting or traffic shaping.
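The SI-10 control above comes down to one concrete rule: bound and validate the domain string before it reaches any fixed-size storage, and report an error instead of silently copying. The following is an added illustration written for this page, not Core FTP's own code; the buffer size, the function names (`validate_domain`, `set_user_domain`) and the result codes are assumptions, while the 253-byte total and 63-byte label limits are the RFC 1035 hostname limits. The constructed 7000-byte input mirrors the length quoted in the advisory.

```c
/* Added example (not Core FTP code): bounded handling of a "User domain"
 * configuration field. The anti-pattern this replaces is an unchecked copy
 * of attacker-controlled input into a fixed-size buffer. */
#include <stddef.h>
#include <string.h>
#include <ctype.h>
#include <stdio.h>

#define DOMAIN_MAX 253   /* RFC 1035: maximum total length of a domain name */
#define LABEL_MAX  63    /* RFC 1035: maximum length of one label           */

/* Result codes returned to the caller instead of silently truncating. */
enum domain_status {
    DOMAIN_OK = 0,
    DOMAIN_TOO_LONG,   /* input exceeds DOMAIN_MAX or the destination size */
    DOMAIN_BAD_CHAR,   /* character outside [A-Za-z0-9.-]                  */
    DOMAIN_BAD_LABEL   /* empty input, empty label, or label > LABEL_MAX   */
};

/* Length scan that never reads past 'max' bytes, so a string of any size
 * (or one missing its terminator within 'max') is handled safely. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Validate total length, per-label length and the hostname alphabet.
 * A trailing dot is rejected because it leaves an empty final label. */
enum domain_status validate_domain(const char *src)
{
    size_t total = bounded_len(src, DOMAIN_MAX + 1);
    if (total == 0)
        return DOMAIN_BAD_LABEL;
    if (total > DOMAIN_MAX)
        return DOMAIN_TOO_LONG;

    size_t label = 0;
    for (size_t i = 0; i < total; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c == '.') {
            if (label == 0 || label > LABEL_MAX)
                return DOMAIN_BAD_LABEL;
            label = 0;
        } else if (isalnum(c) || c == '-') {
            label++;
        } else {
            return DOMAIN_BAD_CHAR;
        }
    }
    if (label == 0 || label > LABEL_MAX)
        return DOMAIN_BAD_LABEL;
    return DOMAIN_OK;
}

/* Copy into caller-owned storage only after validation succeeds and the
 * destination is known to hold the string plus its terminator. */
enum domain_status set_user_domain(char *dst, size_t dst_size, const char *src)
{
    enum domain_status st = validate_domain(src);
    if (st != DOMAIN_OK)
        return st;
    size_t n = strlen(src);          /* safe: validated to be <= DOMAIN_MAX */
    if (n + 1 > dst_size)
        return DOMAIN_TOO_LONG;
    memcpy(dst, src, n + 1);
    return DOMAIN_OK;
}

/* Constructed check: a 7000-byte string like the one in the advisory is
 * rejected by the length check before any copy takes place. */
int oversized_input_is_rejected(void)
{
    static char big[7001];
    memset(big, 'A', 7000);
    big[7000] = '\0';
    char dst[DOMAIN_MAX + 1];
    return set_user_domain(dst, sizeof dst, big) == DOMAIN_TOO_LONG;
}

/* Constructed check: even a valid domain is refused when the destination
 * is too small, and a fitting one is copied intact. */
int storage_bound_is_enforced(void)
{
    char small[8];
    if (set_user_domain(small, sizeof small, "example.org") != DOMAIN_TOO_LONG)
        return 0;
    if (set_user_domain(small, sizeof small, "a.b") != DOMAIN_OK)
        return 0;
    return strcmp(small, "a.b") == 0;
}

int main(void)
{
    printf("oversized rejected: %d\n", oversized_input_is_rejected());
    printf("storage bound enforced: %d\n", storage_bound_is_enforced());
    return 0;
}
```

The design point is that the size check lives at the boundary where untrusted input enters, and the copy routine takes the destination size as a parameter rather than trusting a global constant; a caller that later shrinks its buffer still gets an error instead of an overflow.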
NVD Description
Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Attackers can paste a malicious payload containing 7000 bytes of data into the domain configuration to trigger an application crash and deny service.
Deeper analysis
CVE-2019-25654 is a buffer overflow vulnerability (CWE-787) in Core FTP/SFTP Server version 1.2. The flaw occurs in the User domain field, where attackers can supply an excessively long string, such as a malicious payload containing 7000 bytes of data, during domain configuration. This triggers a buffer overflow that crashes the service, resulting in a denial of service. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Unauthenticated remote attackers with network access can exploit this vulnerability with low complexity and no user interaction required. By pasting the oversized payload into the domain configuration field, they can reliably crash the FTP/SFTP server process, disrupting service availability for all connected clients and potentially requiring manual restart.
Advisories and references provide further details on the issue, including a proof-of-concept exploit at https://www.exploit-db.com/exploits/46371 and a Vulncheck advisory at https://www.vulncheck.com/advisories/core-ftp-sftp-server-denial-of-service-via-buffer-overflow. The vendor site at http://www.coreftp.com/ and an archive download at http://www.coreftp.com/server/download/archive/CoreFTPServer589.42.exe are also referenced for additional context on the affected software.
Details
- CWE(s)