CVE-2025-5664 is a buffer overflow vulnerability identified in FreeFloat FTP Server version 1.0, specifically within the RESTART Command Handler component. The vulnerability arises from improper handling of input data related to the FTP RESTART command, which allows an attacker to send crafted requests that overflow a buffer in memory. This overflow can corrupt adjacent memory, potentially leading to arbitrary code execution or denial of service. The vulnerability is remotely exploitable without requiring authentication or user interaction, increasing its risk profile. Although the CVSS 4.0 base score is 6.9 (medium severity), the potential for remote exploitation and memory corruption makes it a significant concern. No known exploits are currently reported in the wild, and no patches have been published yet. The FreeFloat FTP Server 1.0 is an older FTP server product, and this vulnerability highlights the risks of legacy software components still in use. The lack of authentication or user interaction requirements means attackers can attempt exploitation directly over the network, targeting exposed FTP services running this version. The vulnerability affects confidentiality, integrity, and availability to a limited extent, as successful exploitation could allow attackers to execute arbitrary code or crash the server, disrupting service and potentially gaining unauthorized access.

For European organizations, this vulnerability poses a risk primarily to those still operating FreeFloat FTP Server 1.0, especially in legacy or industrial environments where FTP remains in use for file transfers. Exploitation could lead to service disruption, data breaches, or unauthorized system control, impacting business continuity and data confidentiality. Given the remote exploitability without authentication, attackers could scan for exposed FTP servers and attempt exploitation, potentially leading to lateral movement within networks. Critical infrastructure, manufacturing, and sectors relying on legacy FTP servers for operational technology data exchange could be particularly vulnerable. The medium CVSS score suggests moderate impact, but the actual risk depends on the prevalence of this FTP server in European networks. Organizations with exposed FTP services should consider the risk of targeted attacks or opportunistic scanning. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate it, especially as exploit code may emerge following public disclosure.

1. Immediate mitigation should include disabling the FreeFloat FTP Server 1.0 service if it is not essential or replacing it with a modern, actively maintained FTP server software that has no known vulnerabilities. 2. If continued use is necessary, restrict network exposure by limiting FTP server access to trusted internal networks or VPNs, and block FTP ports (typically TCP 21) at the perimeter firewall to prevent unauthorized external access. 3. Implement network intrusion detection/prevention systems (IDS/IPS) with signatures or anomaly detection capable of identifying malformed FTP RESTART commands or buffer overflow attempts. 4. Monitor logs for unusual FTP activity, especially unexpected RESTART command usage or connection attempts from unknown sources. 5. Engage with the vendor or community to obtain patches or updates addressing this vulnerability as soon as they become available. 6. Consider deploying application-layer firewalls or FTP proxies that can sanitize or validate FTP commands to prevent malformed inputs from reaching the vulnerable server. 7. Conduct regular vulnerability scans and penetration tests focusing on legacy services to identify and remediate similar risks proactively.