216.73.217.64

CVE-2025-34107

· Published 15/07/2025 13:15 · Modified 15/07/2025 20:07

Labels: CVE-2025-34107 2025-07-15CVE-2025-34107CWE-121[email protected]

Essential information

Published
15/07/2025 13:15
Modified
15/07/2025 20:07
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A buffer overflow vulnerability exists in the WinaXe FTP Client version 7.7 within the FTP banner parsing functionality, WCMDPA10.dll. When the client connects to a remote FTP server and receives an overly long '220 Server Ready' response, the vulnerable component responsible for parsing the banner overflows a stack buffer, leading to arbitrary code execution under the context of the user.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
winaxe / ftp client cpe:2.3:a:winaxe:ftp_client:7.7:*:*:*:*:*:*:*

References