CVE-2025-4158

Name of the Vulnerable Software and Affected Versions PCMan FTP Server versions 2.0.0 through 2.0.7

Description A critical vulnerability was found in the PCMan FTP Server, affecting an unknown function of the component PROMPT Command Handler. The manipulation leads to buffer overflow, and it is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This issue is classified as a buffer copy without checking the size of the input, also known as a 'Classic Buffer Overflow'.

Recommendations For PCMan FTP Server versions 2.0.0 through 2.0.7, consider disabling the PROMPT Command Handler until a patch is available. Restrict access to the vulnerable component to minimize the risk of exploitation. Avoid using the affected function of the PROMPT Command Handler in the FTP server until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.