CVE-2025-65403 identifies a buffer overflow vulnerability in the g_cfg.MaxUsers parameter of LightFTP version 2.0. This vulnerability arises from improper bounds checking when processing the MaxUsers configuration input, allowing an attacker to supply crafted input that exceeds the buffer size. The overflow can corrupt memory, leading to a crash of the FTP service and resulting in a Denial of Service (DoS) condition. According to the CVSS 3.1 vector (6.5), the attack can be executed remotely over the network without requiring privileges, but it does require user interaction, such as sending a malicious FTP command or configuration input. The vulnerability affects availability only, with no direct impact on confidentiality or integrity. No patches or fixes have been published yet, and there are no known exploits in the wild. The vulnerability is classified under CWE-120 (Classic Buffer Overflow), a common and well-understood software weakness. Given LightFTP's role as an FTP server, exploitation could disrupt file transfer services critical to business operations. The lack of authentication requirements and low attack complexity increase the risk of opportunistic attacks, especially in environments where LightFTP is exposed to untrusted networks.

For European organizations, the primary impact is service disruption due to the Denial of Service caused by the buffer overflow. Organizations relying on LightFTP v2.0 for file transfers, especially in sectors like manufacturing, logistics, and government where FTP remains in use, may experience operational downtime. This can affect business continuity, delay data exchanges, and potentially impact dependent automated processes. Although the vulnerability does not compromise data confidentiality or integrity, the loss of availability can have cascading effects on supply chains and internal workflows. Additionally, organizations with regulatory obligations to maintain service availability may face compliance risks if disruptions occur. The absence of known exploits reduces immediate risk, but the vulnerability's ease of exploitation and network accessibility mean attackers could develop exploits rapidly once details are publicized. European entities with publicly accessible FTP servers are particularly vulnerable to remote exploitation attempts.

1. Immediately restrict network exposure of LightFTP servers by implementing firewall rules to limit access only to trusted IP addresses and internal networks. 2. Disable or restrict FTP services where possible, migrating to more secure file transfer protocols such as SFTP or FTPS. 3. Implement strict input validation and filtering on all FTP configuration inputs, especially those related to MaxUsers, to prevent malformed or oversized inputs. 4. Monitor FTP server logs for unusual or malformed requests that could indicate exploitation attempts. 5. Prepare for rapid deployment of patches or updates once the vendor releases a fix; maintain close communication with LightFTP developers or vendors. 6. Employ network intrusion detection systems (IDS) with signatures tuned to detect buffer overflow attempts targeting LightFTP. 7. Conduct regular security assessments and penetration testing focused on FTP infrastructure to identify and remediate weaknesses. 8. Educate system administrators about the vulnerability and the importance of minimizing FTP exposure and applying security best practices.