CVE-2018-25254

Exploit

EPSS 0.91%
Veröffentlicht 04.04.2026 13:51:17
Zuletzt bearbeitet 27.04.2026 13:26:40
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

NICO-FTP 3.0.1.19 Buffer Overflow SEH

NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Attackers can connect to the FTP service and send oversized data in response handlers to overwrite SEH pointers and redirect execution to injected shellcode.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nico-ftp Project ≫ Nico-ftp Version <= 3.0.1.19

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.91%	0.554

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
disclosure@vulncheck.com	9.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.exploit-db.com/exploits/45442

Exploit

VDB Entry

https://en.softonic.com/download/nico-ftp/windows/post-download

Product

https://www.vulncheck.com/advisories/nico-ftp-buffer-overflow-seh

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-25254

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-25254

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-25254

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-25254