PT-2026-2907 · Vsftpd+2

Published: 2025-01-01 · Updated: 2026-03-12 · CVE-2025-14242

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

vsftpd (affected versions not specified)

Description

A flaw exists in vsftpd that allows for a denial of service (DoS). This is due to an integer overflow in the parsing of the ls command parameter, which can be triggered by a remote, authenticated attacker sending a specially crafted STAT command containing a specific byte sequence. The vulnerability is related to how the software handles input during file listing operations.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2026:0605
ALSA-2026:0606
ALSA-2026:0608
BDU:2026-03569
CVE-2025-14242
OESA-2026-1345
RHSA-2026:0605
RHSA-2026:0606
RHSA-2026:0608
RHSA-2026:4470
RHSA-2026:4477
RHSA-2026:4513
RHSA-2026:4522
RHSA-2026:4525
RHSA-2026:4543
RHSA-2026:4550
RHSA-2026:4553
RHSA-2026:4554

Affected Products

Red Os
Rocky Linux
Vsftpd