CVE-2025-14242

6.5 MEDIUM

Published: January 14, 2026 Modified: March 16, 2026

Description

A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://access.redhat.com/errata/RHSA-2026:0605

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:0606

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:0608

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:4470

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:4477

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:4513

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:4522

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:4525

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:4543

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:4550

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:4553

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:4554

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2025-14242

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2419826

Source: secalert@redhat.com

14 reference(s) from NVD

Quick Stats

CVSS v3 Score

6.5 / 10.0

EPSS (Exploit Probability)

0.1%

31th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-190

Related CVEs