{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2018-25226", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-30T10:53:37.330Z", "datePublished": "2026-03-30T11:02:19.723Z", "dateUpdated": "2026-03-30T16:00:21.098Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-30T11:02:19.723Z"}, "datePublic": "2018-02-20T00:00:00.000Z", "title": "FTPShell Server 6.83 Denial of Service via Account Name", "descriptions": [{"lang": "en", "value": "FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' parameter within the Manage FTP Accounts interface."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "Ftpshell", "product": "FTPShell Server", "versions": [{"version": "6.83", "status": "affected"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ftpshell:ftpshell_server:6.83:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ftpshell:ftpshell_server:2002:*:*:*:*:*:*:*"}]}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46430", "name": "ExploitDB-46430", "tags": ["exploit"]}, {"url": "http://www.ftpshell.com/index.htm", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "http://www.ftpshell.com/downloadserver.htm", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: FTPShell Server 6.83 Denial of Service via Account Name", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/ftpshell-server-denial-of-service-via-account-name"}], "credits": [{"lang": "en", "value": "Victor Mondrag\u00f3n", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T16:00:10.027725Z", "id": "CVE-2018-25226", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T16:00:21.098Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-25226", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T16:00:10.027725Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T16:00:16.942Z"}}], "cna": {"title": "FTPShell Server 6.83 Denial of Service via Account Name", "credits": [{"lang": "en", "type": "finder", "value": "Victor Mondrag\u00f3n"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Ftpshell", "product": "FTPShell Server", "versions": [{"status": "affected", "version": "6.83"}]}], "datePublic": "2018-02-20T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46430", "name": "ExploitDB-46430", "tags": ["exploit"]}, {"url": "http://www.ftpshell.com/index.htm", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "http://www.ftpshell.com/downloadserver.htm", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/ftpshell-server-denial-of-service-via-account-name", "name": "VulnCheck Advisory: FTPShell Server 6.83 Denial of Service via Account Name", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' parameter within the Manage FTP Accounts interface."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ftpshell:ftpshell_server:6.83:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:ftpshell:ftpshell_server:2002:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-30T11:02:19.723Z"}}}, "cveMetadata": {"cveId": "CVE-2018-25226", "state": "PUBLISHED", "dateUpdated": "2026-03-30T16:00:21.098Z", "dateReserved": "2026-03-30T10:53:37.330Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-30T11:02:19.723Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ftpshell:ftpshell_server:6.83:*:*:*:*:*:*:*", "matchCriteriaId": "B1CA14F8-D487-4555-B050-50FCED850F9A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' parameter within the Manage FTP Accounts interface."}, {"lang": "es", "value": "FTPShell Server 6.83 contiene una vulnerabilidad de desbordamiento de b\u00fafer que permite a atacantes locales bloquear la aplicaci\u00f3n al suministrar una cadena excesivamente larga en el campo de nombre de cuenta. Los atacantes pueden desencadenar una denegaci\u00f3n de servicio al pegar una carga \u00fatil de 417 bytes en el par\u00e1metro 'Account name to ban' dentro de la interfaz de Gesti\u00f3n de Cuentas FTP."}], "id": "CVE-2018-25226", "lastModified": "2026-03-31T19:24:49.053", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-30T12:16:15.077", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Broken Link"], "url": "http://www.ftpshell.com/downloadserver.htm"}, {"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "http://www.ftpshell.com/index.htm"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46430"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/ftpshell-server-denial-of-service-via-account-name"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.83"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "FTPShell Server", "source": "cna", "vendor": "Ftpshell"}, "product": "ftpshell_server", "vendor": "ftpshell"}], "analysis": {"en": {"generated_at": "2026-03-30T12:51:11.929899+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2011released patch for FTPShell Server 6.83 or upgrade to a version that fixes the buffer overflow.", "If a patch is not yet available, restrict local access to the Manage FTP Accounts interface or disable that feature until the fix is applied.", "Monitor application logs for abnormal termination or repeated account deletion attempts and isolate affected systems if a denial of service is detected."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The affected product is FTPShell Server, distributed by Ftpshell, with version 6.83 specifically listed in the CVE data. The CPE strings also reference a 2002 release, but no explicit vulnerability is documented for that version. No other affected versions are identified in the provided information.", "description_and_impact": "FTPShell Server 6.83 incorporates a buffer overflow that can be triggered by entering a 417\u2011byte string in the 'Account name to ban' field of the Manage FTP Accounts interface. The overflow resides in the account name handling code and causes the application to crash, resulting in a denial of service. This weakness is represented by CWE\u2011787, indicating a memory overwrite that compromises application stability.", "risk_and_exploitability": "The CVSS score of 6.9 classifies the vulnerability as medium\u2011to\u2011high severity for a denial of service. EPSS data is unavailable, and the issue is not listed in CISA\u2019s KEV catalog, suggesting no widely known exploitation. The attack requires local access and the ability to use the Manage FTP Accounts interface; a privileged local user can paste the overlong payload to crash the service, causing an outage. No additional exploitation conditions are mentioned."}}}}, "created": "2026-03-30T20:55:57.997318+00:00", "updated": "2026-03-31T20:41:06.985525+00:00", "vendors": ["ftpshell", "ftpshell$PRODUCT$ftpshell_server"]}