
CVE-2025-5635: Buffer Overflow in PCMan FTP Server

Medium
Published: Thu Jun 05 2025 (06/05/2025, 04:00:16 UTC)
Source: CVE Database V5
Vendor/Project: PCMan
Product: FTP Server

Description

A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. This vulnerability affects unknown code of the component PLS Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

Last updated: 07/07/2025, 04:10:46 UTC

Technical Analysis

CVE-2025-5635 is a buffer overflow in PCMan FTP Server version 2.0.7, located in the handler for the PLS command. An unauthenticated remote attacker who can reach the FTP control port (TCP/21 by default) sends a PLS command with an overlong, crafted argument; the handler copies the argument into a fixed-size buffer without checking its length, so the excess bytes overwrite adjacent memory. Depending on what lies beyond the buffer, the result is a crash (denial of service) or, with a suitably constructed payload, execution of attacker-controlled code in the context of the FTP server process. No authentication or user interaction is needed, so every host that exposes the service is directly attackable. PLS is not one of the commands defined in RFC 959, so legitimate clients almost never send it; any PLS traffic is therefore a useful indicator in its own right. VulDB assigns a CVSS 4.0 base score of 6.9 (medium): attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and low (L) rated impacts on confidentiality, integrity and availability. Those low impact ratings describe how the scoring model treats a single-process memory-corruption bug; they should not be read as exploitation being difficult, since a working overflow in a network service can yield code execution with the service's privileges. The exploit has been publicly disclosed, which lowers the bar for opportunistic attacks, but no exploitation in the wild has been reported and no vendor patch is linked. Only version 2.0.7 is listed as affected. PCMan FTP Server is a lightweight legacy FTP server for Windows, typically run with the privileges of the account that launched it, so a successful exploit inherits that account's rights.
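The defect class described above, shown as an added example in C (this is not PCMan FTP Server's code, which is closed source; the buffer size of 256 bytes, the 512-byte line cap and all function names are assumptions made for the demonstration). The example generalizes from the PLS handler to any FTP command that takes an argument: the unsafe copy is placed next to a hardened handler and a bounded command-line splitter that rejects oversized input before any copy happens.

```c
/*
 * Added illustration of the bug class behind CVE-2025-5635: an FTP command
 * handler copying a client-supplied argument into a fixed-size stack buffer.
 * NOT PCMan FTP Server's code; ARG_BUF, MAX_LINE and the function names are
 * assumptions for the demonstration.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stddef.h>

#define ARG_BUF  256   /* assumed size of the handler's fixed stack buffer */
#define MAX_LINE 512   /* assumed cap on one received command line */

/* Counts at most 'cap' bytes, so the scan cannot run off an unterminated input. */
static size_t bounded_len(const char *s, size_t cap)
{
    size_t n = 0;
    while (n < cap && s[n] != '\0') n++;
    return n;
}

/* The defective shape: the argument is copied with no length check. Once
 * strlen(arg) >= ARG_BUF the copy runs past 'local' into saved registers and
 * the return address, which is what public exploits for this bug class aim at.
 * Only ever call this with a short, trusted string; it exists to show the pattern. */
int handle_pls_vulnerable(const char *arg)
{
    char local[ARG_BUF];
    strcpy(local, arg);            /* overflow for any arg of ARG_BUF bytes or more */
    return (int)strlen(local);
}

/* Hardened handler: measure with a bound, reject what does not fit (leaving
 * room for the terminator), then copy exactly that many bytes.
 * Returns the argument length, or -1 when the argument is rejected. */
int handle_pls_safe(const char *arg)
{
    char local[ARG_BUF];
    size_t n = bounded_len(arg, ARG_BUF);
    if (n >= ARG_BUF)
        return -1;
    memcpy(local, arg, n);
    local[n] = '\0';
    return (int)strlen(local);
}

/* Splits one received line ("PLS <argument>\r\n") into verb and argument,
 * never writing beyond the caller's buffers. Returns 0 on success,
 * -1 for an empty, oversized or malformed line. */
int parse_command_line(const char *line, size_t len,
                       char *verb, size_t verb_sz, char *arg, size_t arg_sz)
{
    if (len == 0 || len > MAX_LINE)
        return -1;
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;                                  /* strip CRLF */
    size_t i = 0;
    while (i < len && line[i] != ' ')
        i++;                                    /* verb ends at first space */
    if (i == 0 || i >= verb_sz)
        return -1;
    memcpy(verb, line, i);
    verb[i] = '\0';
    while (i < len && line[i] == ' ')
        i++;                                    /* skip separator(s) */
    size_t alen = len - i;
    if (alen >= arg_sz)
        return -1;                              /* argument would not fit */
    memcpy(arg, line + i, alen);
    arg[alen] = '\0';
    return 0;
}

/* Demo helpers: an argument of n repeated 'A' bytes (the shape of a typical
 * overflow probe) run through the safe handler and through the splitter. */
int safe_handler_result_for_len(size_t n)
{
    char *arg = malloc(n + 1);
    if (!arg) return -2;
    memset(arg, 'A', n);
    arg[n] = '\0';
    int r = handle_pls_safe(arg);
    free(arg);
    return r;
}

int parse_result_for_pls_len(size_t n)
{
    size_t len = 4 + n + 2;                     /* "PLS " + arg + "\r\n" */
    char *line = malloc(len);
    if (!line) return -2;
    memcpy(line, "PLS ", 4);
    memset(line + 4, 'A', n);
    line[4 + n] = '\r';
    line[5 + n] = '\n';
    char verb[8], arg[ARG_BUF];
    int r = parse_command_line(line, len, verb, sizeof verb, arg, sizeof arg);
    free(line);
    return r;
}

int main(void)
{
    printf("safe handler, 16 B arg   -> %d\n", safe_handler_result_for_len(16));
    printf("safe handler, 3000 B arg -> %d\n", safe_handler_result_for_len(3000));
    printf("splitter, 16 B arg       -> %d\n", parse_result_for_pls_len(16));
    printf("splitter, 300 B arg      -> %d\n", parse_result_for_pls_len(300));
    printf("vulnerable handler, short trusted arg -> %d\n", handle_pls_vulnerable("/pub"));
    return 0;
}
```

Two bounds are enforced on purpose: the splitter caps the whole line before any byte is copied, and the handler independently refuses an argument that would not fit its own buffer, so a later change to one limit cannot silently reopen the overflow.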

Potential Impact

For European organizations, the impact depends on whether PCMan FTP Server 2.0.7 is present in their estate at all. Where it is, the server usually handles file transfers such as internal documents, backups or client data, and a successful attack can crash the service or run attacker code on the host, which can then serve as a foothold for lateral movement. Because no authentication is required, any instance reachable from an untrusted network can be compromised remotely, putting the confidentiality and integrity of transferred data at risk. Loss of the service disrupts business processes that still depend on legacy FTP, and organizations in regulated sectors such as finance and healthcare may face compliance consequences if data confidentiality or availability is affected. The absence of reported in-the-wild exploitation and the single affected version limit the immediate breadth of the threat; organizations running other FTP server software are not affected. Overall the risk is moderate but deserves prompt attention, since the exploit is public and the product has no linked fix.

Mitigation Recommendations

1. Identify every instance of PCMan FTP Server 2.0.7 through asset inventory and vulnerability scanning, and fingerprint the banners of all exposed FTP services, since this kind of lightweight server is often installed ad hoc outside normal change control.
2. Remove vulnerable servers from internet-facing and untrusted network segments, or take them offline, until a fixed release exists. Because no patch is currently linked, plan for replacement rather than waiting.
3. Monitor FTP control-channel traffic for exploitation indicators: any use of the PLS verb (it is not part of RFC 959), command arguments far longer than any legitimate path, long runs of a single repeated byte (padding or NOP sleds), and arguments containing non-printable bytes.
4. Restrict TCP/21 and the server's passive data-port range at the firewall to the specific source addresses that must use the service.
5. Migrate to an actively maintained server that supports FTPS or SFTP; this removes both the unmaintained code base and the cleartext-credential exposure of plain FTP.
6. Track vendor advisories and the CVE record for a fix and apply it promptly if one appears.
7. Deploy IDS/IPS coverage on the FTP control channel with rules for overlong command arguments and shellcode-like byte patterns, and on the hosts themselves alert on crashes of the FTP server process or on unexpected child processes it spawns.
8. Brief system administrators on the risks of legacy FTP servers and on the steps above.
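The traffic indicators from items 3 and 7, implemented as an added example in C over constructed FTP command lines (this is not an IDS-supplied or vendor-supplied signature; the thresholds of 256 bytes for an overlong argument and 64 repeated bytes for a padding run, and all sample lines, are assumptions chosen for illustration). The classifier works on raw bytes so it can be fed straight from a packet capture or a control-channel proxy, and it handles the non-printable case that a length check alone would miss.

```c
/*
 * Added example (not from the advisory or the vendor): heuristics for spotting
 * FTP command-line overflow attempts in captured control-channel traffic.
 * Thresholds and the sample lines below are constructed for illustration.
 */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define LONG_ARG_THRESHOLD 256   /* assumed: real path arguments are far shorter */
#define RUN_THRESHOLD       64   /* assumed: 64+ identical bytes in a row = padding / NOP sled */

enum {
    FTP_BENIGN       = 0,
    FTP_OVERLONG     = 1,   /* argument longer than LONG_ARG_THRESHOLD */
    FTP_BYTE_RUN     = 2,   /* long run of one repeated byte (AAAA..., \x90\x90...) */
    FTP_NONPRINTABLE = 4    /* more than a quarter of the argument is non-printable */
};

/* Classify one raw command line (arbitrary bytes, need not be NUL-terminated).
 * Returns a bitmask of the heuristics that fired; 0 means nothing suspicious. */
int classify_ftp_command(const unsigned char *line, size_t len)
{
    size_t i = 0;
    while (i < len && line[i] != ' ') i++;      /* skip the verb */
    while (i < len && line[i] == ' ') i++;      /* skip the separator */

    size_t arg_len = 0, run = 0, max_run = 0, nonprint = 0;
    for (size_t j = i; j < len; j++) {
        unsigned char c = line[j];
        if (c == '\r' || c == '\n') break;      /* end of the command line */
        arg_len++;
        if (c < 0x20 || c > 0x7e) nonprint++;
        run = (j > i && c == line[j - 1]) ? run + 1 : 1;
        if (run > max_run) max_run = run;
    }

    int flags = FTP_BENIGN;
    if (arg_len > LONG_ARG_THRESHOLD)            flags |= FTP_OVERLONG;
    if (max_run >= RUN_THRESHOLD)                flags |= FTP_BYTE_RUN;
    if (arg_len > 0 && nonprint * 4 > arg_len)   flags |= FTP_NONPRINTABLE;
    return flags;
}

/* Constructed sample lines (not captured traffic). Cases 2 and 3 model probe
 * payloads of the kind sent at FTP command handlers; case 4 models a short
 * NOP-sled fragment that a pure length check would not catch. */
int classify_sample(int which)
{
    static unsigned char buf[4096];
    size_t len = 0;
    const char *plain = NULL;

    switch (which) {
    case 0: plain = "PLS /pub/readme.txt\r\n"; break;                 /* benign */
    case 1: plain = "USER anonymous\r\n"; break;                      /* benign */
    case 2: memcpy(buf, "PLS ", 4); memset(buf + 4, 'A', 2000); len = 2004; break;
    case 3: memcpy(buf, "PLS ", 4);                                   /* long but no runs */
            for (size_t k = 0; k < 300; k++)
                buf[4 + k] = (unsigned char)"Aa0Bb1Cc2Dd3"[k % 12];
            len = 304; break;
    case 4: memcpy(buf, "PLS ", 4); memset(buf + 4, 0x90, 32); len = 36; break;
    default: return -1;
    }
    if (plain) { len = strlen(plain); memcpy(buf, plain, len); }
    else       { memcpy(buf + len, "\r\n", 2); len += 2; }
    return classify_ftp_command(buf, len);
}

int main(void)
{
    const char *names[] = { "benign PLS", "benign USER", "2000 x 'A'",
                            "300 B cyclic pattern", "32 x 0x90" };
    for (int w = 0; w < 5; w++)
        printf("sample %d (%s) -> flags %d\n", w, names[w], classify_sample(w));
    return 0;
}
```

Expected flag values: 0 for the two benign lines, 3 (overlong and byte run) for the 2000-byte probe, 1 (overlong only) for the cyclic pattern, and 4 (non-printable) for the short sled. Tune the two thresholds against a baseline of legitimate sessions before alerting; some clients send long but well-formed paths.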


Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-06-04T11:35:52.670Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68418437182aa0cae2dccca3

Added to database: 6/5/2025, 11:49:11 AM

Last enriched: 7/7/2025, 4:10:46 AM

Last updated: 8/1/2025, 4:26:23 AM


