Cyber Resilience

CVE-2024-58299

CriticalPublic PoC

Published: 12 December 2025

Published
12 December 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0029 52.9th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-58299 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Sourceforge (inferred from references). Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 47.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2024-58299 is a stack-based buffer overflow vulnerability (CWE-121) in the 'pwd' command of PCMan FTP Server 2.0. The flaw allows remote attackers to execute arbitrary code by sending a specially crafted payload during the FTP login process, which overwrites memory and can lead to full system access. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its ease of exploitation and severe impact.

Remote, unauthenticated attackers can exploit this vulnerability over the network with low complexity and no user interaction required. By connecting to an affected FTP server and issuing the malformed 'pwd' command during login, they can trigger the overflow, achieve remote code execution, and potentially compromise the host system, exfiltrating data, modifying files, or using it as a pivot point.

Advisories and related resources include a VulnCheck advisory detailing the remote buffer overflow via the 'pwd' command (https://www.vulncheck.com/advisories/pcman-ftp-server-remote-buffer-overflow-via-pwd-command), a public proof-of-concept exploit on Exploit-DB (https://www.exploit-db.com/exploits/51767), and the project page on SourceForge (https://sourceforge.net/projects/pcmanftpd/). Practitioners should review these for any recommended mitigations or patches, as the CVE description does not specify fixes.

A public exploit is available, highlighting the risk of active exploitation against unpatched instances of this legacy FTP server.

EU & UK References

Vulnerability details

PCMan FTP Server 2.0 contains a buffer overflow vulnerability in the 'pwd' command that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted payload during the FTP login process to overwrite memory and potentially gain system…

more

access.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in public-facing PCMan FTP Server enables remote unauthenticated arbitrary code execution via crafted 'pwd' command, directly facilitating T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-11779Shared CWE-121
CVE-2026-25823Shared CWE-121
CVE-2025-69766Shared CWE-121
CVE-2025-60691Shared CWE-121
CVE-2019-25364Shared CWE-121
CVE-2026-39047Shared CWE-121
CVE-2025-69764Shared CWE-121
CVE-2019-25319Shared CWE-121
CVE-2025-54491Shared CWE-121
CVE-2026-42469Shared CWE-121

Affected Assets

Sourceforge
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely remediation of the known buffer overflow vulnerability in PCMan FTP Server's 'pwd' command to eliminate the risk of remote code execution.

prevent

Provides memory protections like address space layout randomization and data execution prevention to block arbitrary code execution from stack-based buffer overflows.

prevent

Enforces information input validation at FTP command entry points to reject specially crafted 'pwd' payloads that trigger the buffer overflow.

References