CVE-2019-25361

CRITICAL 9.8

Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with oversized payload to trigger a buffer overflow and execute a bind shell on port 5150.

CWE	CWE-121
Vendor	ayukov
Product	ayukov nftp client
Published	Feb 18, 2026
Last Updated	Feb 19, 2026

Stay Ahead of the Next One

Get instant alerts for ayukov ayukov nftp client

Be the first to know when new critical vulnerabilities affecting ayukov ayukov nftp client are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Ayukov / Ayukov NFTP client

1.71

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/47576 ayukov.com: http://ayukov.com/nftp/ vulncheck.com: https://www.vulncheck.com/advisories/ayukov-nftp-client-syst-buffer-overflow

Credits

Chase Hatch (SYANiDE)