CVE-2019-25588

MEDIUM 6.2

BulletProof FTP Server 2019.0.0.50 Denial of Service via DNS Address

CVSS Score

6.2

EPSS Score

0.0%

EPSS Percentile

2th

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes to trigger a crash when the Test function is invoked.

CWE	CWE-1282
Vendor	bpftpserver
Product	bulletproof ftp server
Published	Mar 22, 2026
Last Updated	Mar 24, 2026

Stay Ahead of the Next One

Get instant alerts for bpftpserver bulletproof ftp server

Be the first to know when new medium vulnerabilities affecting bpftpserver bulletproof ftp server are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected Versions

Bpftpserver / BulletProof FTP Server

2019.0.0.50

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/46875 bpftpserver.com: http://bpftpserver.com/ bpftpserver.com: http://bpftpserver.com/products/bpftpserver/windows/download vulncheck.com: https://www.vulncheck.com/advisories/bulletproof-ftp-server-denial-of-service-via-dns-address

Credits

Victor Mondragón