πŸ” CVE Alert

CVE-2018-25252

MEDIUM 6.2

FTP Voyager 16.2.0 Denial of Service via Malformed Site Profile

CVSS Score
6.2
EPSS Score
0.0%
EPSS Percentile
2th

FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecting oversized buffer data into the site profile IP field. Attackers can create a malicious site profile containing 500 bytes of repeated characters and paste it into the IP field to trigger a buffer overflow that crashes the FTP Voyager process.

CWE CWE-787
Vendor serv-u
Product ftp voyager
Published Apr 4, 2026
Last Updated Apr 6, 2026
Stay Ahead of the Next One

Get instant alerts for serv-u ftp voyager

Be the first to know when new medium vulnerabilities affecting serv-u ftp voyager are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Affected Versions

Serv-U / FTP Voyager
16.2.0

References

NVD β†— CVE.org β†— EPSS Data β†—
exploit-db.com: https://www.exploit-db.com/exploits/45527 serv-u.com: https://www.serv-u.com/ serv-u.com: https://www.serv-u.com/ftp-voyager vulncheck.com: https://www.vulncheck.com/advisories/ftp-voyager-denial-of-service-via-malformed-site-profile

Credits

Abdullah AlΔ±Γ§