{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-4238", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-05-02T20:28:54.781Z", "datePublished": "2025-05-03T16:31:03.481Z", "dateUpdated": "2025-05-06T14:29:03.423Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-05-03T16:31:03.481Z"}, "title": "PCMan FTP Server MGET Command buffer overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "PCMan", "product": "FTP Server", "versions": [{"version": "2.0.7", "status": "affected"}], "modules": ["MGET Command Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. This affects an unknown part of the component MGET Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in PCMan FTP Server 2.0.7 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Komponente MGET Command Handler. Dank der Manipulation mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "timeline": [{"time": "2025-05-02T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-05-02T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-05-02T22:34:09.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Fernando Mengali (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.307329", "name": "VDB-307329 | PCMan FTP Server MGET Command buffer overflow", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.307329", "name": "VDB-307329 | CTI Indicators (IOB, IOC)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.561561", "name": "Submit #561561 | PCMan FTP Server 2.0.7 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://fitoxs.com/exploit/exploit-a87ff679a2f3e71d9181a67b7542122c.txt", "tags": ["broken-link", "exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-06T13:47:13.775406Z", "id": "CVE-2025-4238", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-06T14:29:03.423Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4238", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-06T13:47:13.775406Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-06T14:28:59.080Z"}}], "cna": {"title": "PCMan FTP Server MGET Command buffer overflow", "credits": [{"lang": "en", "type": "reporter", "value": "Fernando Mengali (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "affected": [{"vendor": "PCMan", "modules": ["MGET Command Handler"], "product": "FTP Server", "versions": [{"status": "affected", "version": "2.0.7"}]}], "timeline": [{"lang": "en", "time": "2025-05-02T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-05-02T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-05-02T22:34:09.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.307329", "name": "VDB-307329 | PCMan FTP Server MGET Command buffer overflow", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.307329", "name": "VDB-307329 | CTI Indicators (IOB, IOC)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.561561", "name": "Submit #561561 | PCMan FTP Server 2.0.7 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://fitoxs.com/exploit/exploit-a87ff679a2f3e71d9181a67b7542122c.txt", "tags": ["broken-link", "exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. This affects an unknown part of the component MGET Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in PCMan FTP Server 2.0.7 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Komponente MGET Command Handler. Dank der Manipulation mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-05-03T16:31:03.481Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4238", "state": "PUBLISHED", "dateUpdated": "2025-05-06T14:29:03.423Z", "dateReserved": "2025-05-02T20:28:54.781Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-05-03T16:31:03.481Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pcman:ftp_server:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFCD8474-574E-46D1-A98D-394E7543FBD7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. This affects an unknown part of the component MGET Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en PCMan FTP Server 2.0.7. Se ha clasificado como cr\u00edtica. Afecta a una parte desconocida del componente MGET Command Handler. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer. Es posible iniciar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. "}], "id": "CVE-2025-4238", "lastModified": "2025-05-16T17:31:59.303", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-05-03T17:15:45.373", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://fitoxs.com/exploit/exploit-a87ff679a2f3e71d9181a67b7542122c.txt"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/?ctiid.307329"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.307329"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.561561"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-120"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}