PT-2025-29552 · Unknown · Coloradoftp Server
Rvlaboratory
·
Published
2025-07-15
·
Updated
2025-07-15
·
CVE-2025-34110
CVSS v4.0
9.3
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
ColoradoFTP Server versions prior to 1.3 Build 9
Description
A directory traversal issue exists in ColoradoFTP Server, allowing unauthenticated attackers to read or write arbitrary files outside the configured FTP root directory. The flaw is due to insufficient sanitation of user-supplied file paths in the FTP GET and PUT command handlers. Exploitation is possible by submitting traversal sequences during FTP operations, enabling access to system-sensitive files. This issue affects only the Windows version of ColoradoFTP.
Recommendations
Update to a version prior to 1.3 Build 9.
Exploit
Fix
Missing Authentication
Path traversal
Files Accessible to External Parties
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Coloradoftp Server